Details
-
New Feature
-
Status: Closed
-
Normal
-
Resolution: Fixed
-
None
-
None
-
None
Description
Since we are going the restructure the existing 'aspect oriented' security model to a more hierarchical based model (combined with aspects to possibly blacklist descendants), it is not unlikely that we for example want to have a security domain per channel. For example for /hst:myproject/hst:configurations/mychannel. However, if we add that one, for sure we also want to be able to configure /hst:myproject/hst:configurations/mychannel-preview...which quite likely does initially not exist! Therefor we need to be able to support non-existing-paths for the hierarchical domains as well. For example
/mychannel-preview:
jcr:primaryType: hipposys:facetrule
hipposys:equals: true
hipposys:facet: jcr:path
hipposys:filter: false
hipposys:type: Reference
hipposys:value: /hst:myproject/hst:configurations/mychannel-preview
should work as follows:
- If /hst:myproject/hst:configurations/mychannel-preview exists, the rule matches '/hst:myproject/hst:configurations/mychannel-preview' and descendants
- If /hst:myproject/hst:configurations/mychannel-preview does not exist, the rule doesn't match
- If /hst:myproject/hst:configurations/mychannel-preview does not exist but later on gets added, then
- The facet rule for /hst:myproject/hst:configurations/mychannel-preview should start to match thus if for example the role is 'read access' for user A, then user A should have read access on and below mychannel-preview
- Searches for user A on and below mychannel-preview must work (aka, the Authorization query should be updated!)
Attachments
Issue Links
- includes
-
REPO-2240 Support or handle runtime deleting of hierarchical white list facet rules properly
-
- Closed
-
- relates to
-
-
- Closed
-
-
CMS-12790 Add test for move node to and from location that is pointed to by a domain jcr:path reference
-
- Open
-
-
-
- Open
-
-
-
- Closed
-