...

Info

JCR access security can be bypassed for the delivery endpoint for testing purposes.

Role-based security for commands

Command-level security access is the lowest level of access you can configure by role for REST endpoints.

...

Todo

Jira: DOCU-1199 (Magnolia - Issue tracker)

To be further specified into:

  • REST roles used on the public instance, mainly to grant to the anonymous user
  • REST roles for the author context for specific apps and whatnot ...

Enabling the commands endpoint

Note

You can make sweeping changes with commands, such as bypassing approval and deleting the whole site. Commands are therefore subject to special security restrictions. 

To enable the use of commands through REST:

  1. Open the Security app and grant the rest-admin role permission to issue requests to the commands endpoint. Permission to the endpoint is denied by default. Add a new rule.
  2. Whitelist any commands you want to expose to REST. The whitelist is managed in /modules/rest-services/rest-endpoints/commands/enabledCommands.

...


modules (folder)
  rest-services (folder)
    rest-endpoints (folder)
      commands (node)
        enabledCommands (node)
          activate (node)
            access (node)
              roles (node)
                rest (property): rest-admin
            catalogName (property): website
            commandName (property): activate
          markAsDeleted (node)
          backup (node)

Properties:

  • ... (required): Enabled commands node.
  • <command> (required): Arbitrary name for the command. Use any name you like.
  • access (required): Access node.
  • roles (required): Roles node.
  • <role> (required): Role name. Grants the role permission to execute the command. Add the rest-admin role. The property name is arbitrary but the value must be a valid role name.
  • catalogName (required): Catalog where the command resides.
  • commandName (required): Command definition name.
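
As an added example (not Magnolia's code and not part of the original page), the following Python audits an export of the enabledCommands whitelist against the required properties listed above and reports role grants that fall outside an approved set. The dict layout, the approved-role policy, the role list and the sample data are assumptions constructed for this illustration.

```python
# Added example: audit an export of .../commands/enabledCommands against the
# required properties listed on this page. The dict layout and the
# APPROVED_ROLES policy are assumptions made for this illustration.

REQUIRED_PROPS = ("catalogName", "commandName")
APPROVED_ROLES = {"rest-admin"}  # assumption: only this role may run commands


def audit_enabled_commands(enabled_commands, known_roles):
    """Return a sorted list of (command, finding) tuples."""
    findings = []
    for name, node in enabled_commands.items():
        for prop in REQUIRED_PROPS:
            if not node.get(prop):
                findings.append((name, f"missing required property {prop}"))
        roles = (node.get("access") or {}).get("roles") or {}
        if not roles:
            findings.append((name, "no access/roles node: no role is named"))
        # Property names under roles are arbitrary; only the values count.
        for prop, role in roles.items():
            if role not in known_roles:
                findings.append((name, f"{prop}={role!r} is not a valid role name"))
            elif role not in APPROVED_ROLES:
                findings.append((name, f"role {role!r} is outside the approved set"))
    return sorted(findings)


# Constructed sample: 'activate' mirrors the configuration shown on this page;
# the other two entries are deliberately misconfigured to show the findings.
SAMPLE = {
    "activate": {
        "access": {"roles": {"rest": "rest-admin"}},
        "catalogName": "website",
        "commandName": "activate",
    },
    "markAsDeleted": {
        "access": {"roles": {"any": "anonymous", "typo": "rest-admn"}},
        "catalogName": "website",
        "commandName": "markAsDeleted",
    },
    "backup": {"commandName": "backup"},
}
KNOWN_ROLES = {"rest-admin", "anonymous", "superuser"}  # constructed role list

if __name__ == "__main__":
    for command, finding in audit_enabled_commands(SAMPLE, KNOWN_ROLES):
        print(f"{command}: {finding}")
```

Running the audit after every change to the whitelist gives a quick review list of commands that are exposed to REST with incomplete or broader-than-intended role grants.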