[FOLIO-3644] allow for path component references in permissions Created: 21/Nov/22 Updated: 21/Nov/22 |
|
| Status: | Open |
| Project: | FOLIO |
| Components: | None |
| Affects versions: | None |
| Fix versions: | None |
| Type: | Story | Priority: | P3 |
| Reporter: | Jakub Skoczen | Assignee: | Unassigned |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original estimate: | Not Specified | ||
| Issue links: |
|
||||||||
| Sprint: | |||||||||
| Development Team: | Core: Platform | ||||||||
| RCA Group: | TBD | ||||||||
| Description |
|
Allow for referencing path components in permission identifiers when declaring them for a particular endpoint, for instance: "handlers": [
{
"methods": ["GET"],
"pathPattern": "/configurations/{scope}/{id}",
"permissionsRequired": [
"configuration.entries.{scope}.item.get"
]
},
This allows for enforcing "dynamic" permissons directly in Okapi/mod-authtoken hence provides better security than relying on desired permissions where enforcement is provided by a module and there are no system-level guarantees. The obvious use case for this is isolating configuration access in mod-configuration but this feature is applicable wherever access to entities returned by an endpoint should be subdivided into disjoin security levels or groups. |