Details
- Improvement
- Status: Closed
- Major
- Resolution: Fixed
Description
The restriction details in the ACL json output can be ambiguous in some situations.
For example, in the example below it is not clear if the "rep:glob" restriction applies to the "jcr:read" privilege or the "rep:write" privilege.
{
  "user1": {
    "principal": "user1",
    "granted": [ "jcr:read" ],
    "denied": [ "rep:write" ],
    "order": 0,
    "restrictions": {
      "rep:glob": "glob1"
    }
  }
}
Expected:
The JSON structure of the ACE should be enhanced to make it more clear.
For example, replace the "granted/denied/restrictions" items with a "privileges" structure whose items are the granted or denied privileges. Each privilege has a "deny" and/or "grant" child whose value is either true (no restrictions) or an array of restrictions + values.
For example:
{
  "user1": {
    "principal": "user1",
    "order": 0,
    "privileges": {
      "jcr:read": {
        "allow": { "rep:glob": "glob1" }
      },
      "jcr:readAccessControl": {
        "allow": { "rep:itemNames": [ "name1", "name2" ] }
      },
      "rep:write": {
        "deny": true
      }
    }
  }
}
The new format should also be flexible enough to describe a privilege that is granted and denied with different restrictions for each of those states. That scenario is impossible to describe in the old format.
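The following is an added example, not code from the issue or from the project: a client-side reader that flattens the proposed "privileges" structure into one rule per principal, privilege and effect, so every restriction is tied to exactly one allow or deny. It assumes the "allow"/"deny" keys and restriction maps shown in the example above; the "user2" entry and its glob values are constructed to show a privilege that is both granted and denied.

```javascript
// Constructed sample: "user1" is the example from the description; "user2"
// is a made-up entry where one privilege is both allowed and denied.
const sampleAcl = {
  user1: {
    principal: "user1",
    order: 0,
    privileges: {
      "jcr:read": { allow: { "rep:glob": "glob1" } },
      "jcr:readAccessControl": { allow: { "rep:itemNames": ["name1", "name2"] } },
      "rep:write": { deny: true }
    }
  },
  user2: {
    principal: "user2",
    order: 1,
    privileges: {
      "jcr:read": { allow: { "rep:glob": "/public/*" }, deny: { "rep:glob": "/private/*" } }
    }
  }
};

// Returns [{ principal, order, privilege, effect, restrictions }], sorted by ACE order.
function flattenAcl(acl) {
  const rules = [];
  for (const ace of Object.values(acl)) {
    for (const [privilege, states] of Object.entries(ace.privileges || {})) {
      for (const effect of ["allow", "deny"]) {
        if (!(effect in states)) continue;
        const value = states[effect];
        let restrictions;
        if (value === true) {
          restrictions = {};            // true means "no restrictions"
        } else if (value && typeof value === "object" && !Array.isArray(value)) {
          restrictions = { ...value };  // map of restriction name -> value(s)
        } else {
          // Reject anything else rather than guess how the entry applies.
          throw new TypeError(`${ace.principal}/${privilege}/${effect}: expected true or a restriction map`);
        }
        rules.push({ principal: ace.principal, order: ace.order, privilege, effect, restrictions });
      }
    }
  }
  return rules.sort((a, b) => a.order - b.order);
}

console.log(JSON.stringify(flattenAcl(sampleAcl), null, 2));
```

Rejecting a value that is neither true nor a restriction map keeps a consumer from silently treating a malformed entry as unrestricted.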