Uploaded image for project: '[Read Only] - Hippo Repository'
  1. [Read Only] - Hippo Repository
  2. REPO-2271

Introducing a new DomainsManager provided through the RepositorySecurityManager

    XMLWordPrintable

Details

    • New Feature
    • Status: Closed
    • Normal
    • Resolution: Fixed
    • None
    • 14.0.0
    • None
    • None

    Description

      With the introduction of federated domainfolders in REPO-2242, securing the access to the now multiple domainfolders itself has become much harder

      The intend is that security administration users with the xm-security-manager userrole should all have readonly access and readwrite to those (also) having the xm-security-application-manager userrole.

      But because these federated domainfolders can be 'anywhere', setting-up pre-defined domainrules no longer is possible (because we don't know their parent paths and thus also cannot provide implicit read access to those parent paths).

      However, the proper solution is relatively easy, and a direction we want/need to implement more and more anyway, by providing a dedicated API/service hiding the access which then simply can use a system session under the covers (and thus no longer needs setting up domainrules).

      Thus: this new DomainsManager service, provided through the RepositorySecurityManager (see also REPO-2253).

      The main (only) use-case currently is within the CMS admin perspective, and the current provided API is therefore, for now, rather simple and basic. 

      The DomainsManager provides administrative (crud) domain management, limited to only hipposys:authrole children of an existing hipposys:domain.

      The corresponding changes to adapt and use the DomainsManager, instead of direct read/write JCR operations, will be done through issue CMS-12065.

       

       

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              adouma Ate Douma (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: