[FOLIO-3644] allow for path component references in permissions Created: 21/Nov/22  Updated: 21/Nov/22

Status: Open
Project: FOLIO
Components: None
Affects versions: None
Fix versions: None

Type: Story Priority: P3
Reporter: Jakub Skoczen Assignee: Unassigned
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Issue links:
Relates
relates to MODCONF-131 Agree approach to secure configuration Closed
Sprint:
Development Team: Core: Platform
RCA Group: TBD

Description

Allow for referencing path components in permission identifiers when declaring them for a particular endpoint, for instance:

"handlers": [
  {
    "methods": ["GET"],
    "pathPattern": "/configurations/{scope}/{id}",
    "permissionsRequired": [
      "configuration.entries.{scope}.item.get"
    ]
  }
]

This allows "dynamic" permissions to be enforced directly in Okapi/mod-authtoken, which provides better security than relying on desired permissions, where enforcement is left to the module and there are no system-level guarantees.

The obvious use case for this is isolating configuration access in mod-configuration, but the feature is applicable wherever access to entities returned by an endpoint should be subdivided into disjoint security levels or groups.
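
A sketch of the resolution step this story proposes, added here as an illustration and not taken from Okapi or mod-authtoken: the request path is matched against `pathPattern`, the captured components are substituted into `permissionsRequired`, and the result is compared with the caller's grants. The function names, the allowed character set for components, and the fail-closed behaviour are assumptions of this example.

```python
import re

# Assumption (not from the ticket): substituted values are limited to this
# charset, so a component containing "." cannot forge a different permission.
SAFE_COMPONENT = re.compile(r"[A-Za-z0-9_-]+")
PLACEHOLDER = re.compile(r"\{([A-Za-z_][A-Za-z0-9_]*)\}")


def match_path(path_pattern, path):
    """Return {name: value} if path matches path_pattern, else None."""
    regex, pos = "", 0
    for m in PLACEHOLDER.finditer(path_pattern):
        regex += re.escape(path_pattern[pos:m.start()]) + "(?P<%s>[^/]+)" % m.group(1)
        pos = m.end()
    found = re.fullmatch(regex + re.escape(path_pattern[pos:]), path)
    return found.groupdict() if found else None


def resolve_permissions(handler, path):
    """Expand {component} references in permissionsRequired; None means deny."""
    components = match_path(handler["pathPattern"], path)
    if components is None:
        return None
    resolved = []
    for perm in handler["permissionsRequired"]:
        for name in PLACEHOLDER.findall(perm):
            value = components.get(name)
            # Fail closed on an unknown reference or an unsafe value.
            if value is None or not SAFE_COMPONENT.fullmatch(value):
                return None
            perm = perm.replace("{%s}" % name, value)
        resolved.append(perm)
    return resolved


def is_allowed(handler, method, path, granted):
    """True only if every resolved permission is in the caller's grants."""
    if method not in handler["methods"]:
        return False
    required = resolve_permissions(handler, path)
    return required is not None and set(required) <= set(granted)


# Handler taken from the description above.
HANDLER = {
    "methods": ["GET"],
    "pathPattern": "/configurations/{scope}/{id}",
    "permissionsRequired": ["configuration.entries.{scope}.item.get"],
}
```
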

