You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

This concept describes the current state of permission-based configuration - or lack thereof - for enabling/disabling actions (or any other UI element) based on specific access restrictions.

Decisions are marked with a (tick) icon.

Concept is ready for implementation, both for 5.2.x and for a future major version.

 

Problem

One can restrict (action) availability based on user roles, but not based on user permissions at given workspace / path.

Concrete case

As of Magnolia 5.2.1, actions are not disabled if user has no permission to act on selected node. This is an issue with e.g. read-only pages, as captured by the following Jira ticket:

MGNLUI-2510 - Getting issue details... STATUS

Current configuration

Let's take the deactivation action as an example, with following base path /modules/pages/apps/pages/subApps/browser/actions.

  • actions
    • deactivate ( ActionDefinition )
      • availability ( AvailabilityDefinition )
        • access (
          $webResourceManager.requireResource("info.magnolia.sys.confluence.artifact-info-plugin:javadoc-resource-macro-resources") AccessDefinition
           )
          • roles
            • demo-publisher = demo-project-publisher
            • superuser = superuser
        • ruleClass = info.magnolia.ui.api.availability.IsNotDeletedRule ( AvailabilityRule )
      • class = info.magnolia.ui.framework.action.DeactivationActionDefinition
      • ...

As a side note, the AccessDefinition property is named access in the case of actions but it is generally named permissions, as in AppDescriptor or AppLauncherGroupDefinition.
This has been reported to be misleading, in particular in documentation, and should be inlined whenever is appropriate.

 

Decisions

1. Configuring permission checks in availability
  • Add a requiredPermissions property under AvailabilityDefinition or AccessDefinition
    • comma separated list of JCR permissions (aka action strings)
      • add_node, set_property, remove, read
      • we should rather use Magnolia permissions
      • (minus) doesn't fit for upcoming custom permissions
    • naming is debatable (permissions > requiredPermissions)
  • Add a writePermissionRequired boolean property under AvailabilityDefinition or AccessDefinition
    • simply checks for Magnolia WRITE permission
    • (question) which entry point? cannot use PermissionUtil
    • for custom permissions, people will need to implement AvailabilityRule
  • (tick) We unify availability's access, ruleClass and other criteria using voters, in a future major version
    • supports custom permissions (forum), even non-JCR based, using dedicated voters
    • (question) Do we keep availability's "shorthands"?
      • nodeTypes, root, properties...
      • yet update underlying implementation to work with voters
      • Proposal: how about maintaining all the shorthands we have and also providing a rather smooth mechanism of moving from old impl to the new one by implementing a custom Node2BeanTransformerImpl
        that would build voters based on the properties from AvailabilityDefinition (e.g. once the property name is nodes - we generate a corresponding voter)?
  • (tick) For 5.2.x, we introduce a delegating AvailabilityRule which helps us already start working with voters

    • getting well prepared for migrating to the next approach

2. The add_node permission with subnodes-only ACLs
  • with /A readonly and /A/B/* read-write, add_node is not granted on /A/B
  • JCR spec is a bit unclear as to what absPath means in that case
    • adding a node at absPath VS. adding a node under absPath
  • 4.5 behaves the same in similar subnodes-only permissions
  • (info) Current behavior is actually correct against JCR permissions
    • add, move, reorder all require write permission on parent node
3. ActionExecutor is responsible for availability checks
  • Currently hooking in AbstractActionExecutor#isAvailableForItem
  • (warning) item is null when root is selected, no way to assess permissions then
  • #isAvailable() is (the sole) JCR Item dependent api in ActionExecutor interface and doesn't belong here
  • (tick) We keep this as a separate topic, not for 5.2.x anyway

 

Forward thinking
  • Availability / AccessDefinition is a broad concept meant to be reused across several UI components (e.g. fields, tabs, templates).
  • Can one configure custom permissions for an action? e.g. forum moderator can only perform moderation at specific path
  • Can one plug basic permission rules for non-JCR datasources (no ACLs)?

  • ActionExecutor is probably not where availability / permission checks belong.

 

 

 

 

  • No labels