...


| Endpoint | HTTP method | URI | Security required: JCR access security | Security required: specific role based security |
|---|---|---|---|---|
| delivery | GET | /.rest/delivery/v1/{workspace}/{path} | read access for a path on a workspace | - |
| nodes | GET | /.rest/nodes/v1/{workspace}/{path} | read access for a path on a workspace | - |
| nodes | PUT | /.rest/nodes/v1/{workspace}/{path} | read&write access for a path on a workspace | - |
| nodes | POST | /.rest/nodes/v1/{workspace}/{path} | read&write access for a path on a workspace | - |
| nodes | DELETE | /.rest/nodes/v1/{workspace}/{path} | read&write access for a path on a workspace | - |
| properties | GET | /.rest/nodes/v1/{workspace}/{path} | read access for a path on a workspace | - |
| properties | PUT | /.rest/nodes/v1/{workspace}/{path} | read&write access for a path on a workspace | - |
| properties | POST | /.rest/nodes/v1/{workspace}/{path} | read&write access for a path on a workspace | - |
| properties | DELETE | /.rest/nodes/v1/{workspace}/{path} | read&write access for a path on a workspace | - |
| commands | POST | /.rest/commands/v2/{catalogName}/{command} | - | required |



...

REST roles

The REST module installs four default roles with the following permissions:

[Included excerpt "rest-role-permissions" from the page "Default permissions"]

The superuser account has the rest-admin role by default, so you can use superuser to test your requests. However, for production use you should create a dedicated account with a custom REST role. The anonymous role is specifically denied access to the REST endpoints.

Custom REST roles

Magnolia recommends you create custom REST roles granting specific access for specific use cases, but not more.

Todo

Jira: DOCU-1199 (Magnolia - Issue tracker)

To be further specified into

  • rest roles used on the public instance - mainly to grant to anonymous user
  • rest roles for the author context for specific apps

...

  • and whatnot ...


Enabling commands (optional)


Note

...

You can make sweeping changes with commands, such as bypassing approval and deleting the whole site. Commands are therefore subject to special security restrictions.

To enable the use of commands through REST:

  1. Open the security app and grant the rest-admin role permission to issue requests to the commands endpoint. Permission to the endpoint is denied by default. Add a new rule.
  2. Whitelist any commands you want to expose to REST. The whitelist is managed in /modules/rest-services/rest-endpoints/commands/enabledCommands.
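
A simplified model of the layered checks described in the table and in the commands procedure above, added here as an example (it is not Magnolia's code). The role dictionary, the longest-prefix ACL matching, the `enabled_commands` set and the sample role, catalog and command names are assumptions made for illustration.

```python
import re

# URI templates come from the table on this page; the rest is a simplified model.
NODE_URI = re.compile(r"^/\.rest/(delivery|nodes)/v1/([^/]+)(/.*)?$")
CMD_URI = re.compile(r"^/\.rest/commands/v2/([^/]+)/([^/]+)$")
WRITE_METHODS = {"PUT", "POST", "DELETE"}
# Constructed sample role: read-only on /travel in a "website" workspace.
TOURS_READER = {"jcr": [("website", "/travel", "read")], "commands_uri_granted": False}

def jcr_allows(acls, workspace, path, need_write):
    """Assumed rule: longest matching path prefix wins, no match means no access."""
    best = None
    for ws, prefix, perm in acls:  # perm is "read" or "read&write"
        under = path == prefix or path.startswith(prefix.rstrip("/") + "/")
        if ws == workspace and under and (best is None or len(prefix) > len(best[0])):
            best = (prefix, perm)
    if best is None:
        return False
    return best[1] == "read&write" or not need_write

def decide(role, method, uri, enabled_commands=frozenset()):
    """Return (allowed, reason) for one request made under the modelled role."""
    m = CMD_URI.match(uri)
    if m:
        if method != "POST":
            return False, "only POST is listed for commands"
        if not role.get("commands_uri_granted", False):  # denied by default
            return False, "role lacks permission on commands endpoint"
        if (m.group(1), m.group(2)) not in enabled_commands:
            return False, "command not whitelisted"
        return True, "command allowed"
    m = NODE_URI.match(uri)
    if not m:
        return False, "not a modelled REST endpoint"
    endpoint, workspace, path = m.group(1), m.group(2), m.group(3) or "/"
    if endpoint == "delivery" and method != "GET":
        return False, "only GET is listed for delivery"
    need_write = method in WRITE_METHODS
    if method != "GET" and not need_write:
        return False, "method not in table"
    if not jcr_allows(role.get("jcr", []), workspace, path, need_write):
        return False, "JCR access missing"
    return True, "JCR access sufficient"
```

Running the requests a custom role is meant to serve through `decide`, together with a few it must not serve, shows whether the role grants more than its use case needs.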

...