[jira] [Commented] (SLING-11243) Allow modifying an ace with more specific restriction details
[ https://issues.apache.org/jira/browse/SLING-11243?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17629548#comment-17629548 ]

Eric Norman commented on SLING-11243:
-------------------------------------

PR #16 fixes a problem where if any leaf privilege has different restrictions than a contained aggregate parent privilege, then the parent should not be set and the non-conflicting ancestors should be set instead to avoid an ambiguous definition.

> Allow modifying an ace with more specific restriction details
> -------------------------------------------------------------
>
>                 Key: SLING-11243
>                 URL: https://issues.apache.org/jira/browse/SLING-11243
>             Project: Sling
>          Issue Type: New Feature
>            Reporter: Eric Norman
>            Assignee: Eric Norman
>            Priority: Major
>             Fix For: JCR Jackrabbit Access Manager 3.1.0
>
>          Time Spent: 3h 40m
>  Remaining Estimate: 0h
>
> Support for modifying an ace with more specific details to support advanced
> usage of privileges with restrictions.
> These are a few of the use cases:
> # Setting a restriction for a specific privilege instead of for all privileges
> # Removing a restriction from a specific privilege
> # Privilege can be set for the 'allow' and 'deny' state at the same time if those have different restrictions
> # Privilege can be unset for 'allow' or 'deny' state while leaving the other state alone
>
> The proposal is to support these additional request parameters:
>
> {code:java}
> One param for each privilege to delete. The parameter value must be either 'allow', 'deny' or 'all' to specify which state to delete from.
> privilege@[privilege_name]@Delete
> One param for each restriction value. The same parameter name may be used again for multi-value restrictions. The @Allow or @Deny suffix specifies whether to apply the restriction to the 'allow' or 'deny' privilege. The value is the target value of the restriction to be set.
> restriction@[privilege_name]@[restriction_name]@Allow
> restriction@[privilege_name]@[restriction_name]@Deny
> One param for each restriction to delete. The parameter value must be either 'allow', 'deny' or 'all' to specify which state to delete from.
> restriction@[privilege_name]@[restriction_name]@Delete
> {code}
>
> For consistency, also extend the values allowed for the
> "privilege@[privilege_name]" parameter to accept 'allow' or 'deny' as aliases
> for 'granted' or 'denied'.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
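Added example (not part of the issue text and not code from the Sling project): a small validator for the parameter grammar quoted above, useful when reviewing or logging ACE-modifying form posts. It classifies each privilege@/restriction@ parameter, normalises the 'allow'/'deny' aliases, merges repeated names into multi-value restrictions and reports malformed names or values. Assumptions: the function name, the sample body and its privilege/restriction names are constructed, the suffixes are treated as case-sensitive, and only the values named in the issue are accepted.

```python
import re
from urllib.parse import parse_qsl

NAME = r"[^@=&]+"  # assumption: privilege/restriction names never contain '@'
PATTERNS = [       # parameter-name shapes quoted in the issue text
    ("set_privilege", re.compile(rf"^privilege@({NAME})$")),
    ("delete_privilege", re.compile(rf"^privilege@({NAME})@Delete$")),
    ("set_restriction", re.compile(rf"^restriction@({NAME})@({NAME})@(Allow|Deny)$")),
    ("delete_restriction", re.compile(rf"^restriction@({NAME})@({NAME})@Delete$")),
]
# 'allow'/'deny' are the proposed aliases for 'granted'/'denied'
PRIVILEGE_VALUES = {"granted": "granted", "allow": "granted",
                    "denied": "denied", "deny": "denied"}
DELETE_STATES = {"allow", "deny", "all"}

# Constructed sample form body; the last two parameters are deliberately invalid.
SAMPLE_BODY = (
    "principalId=alice"
    "&privilege@jcr:read=allow"
    "&restriction@jcr:read@rep:glob@Allow=/content/*"
    "&restriction@jcr:write@rep:itemNames@Deny=secret"
    "&restriction@jcr:write@rep:itemNames@Deny=internal"
    "&privilege@jcr:write@Delete=deny"
    "&restriction@jcr:read@rep:glob@Delete=maybe"
    "&privilege@jcr:read@Remove=all"
)

def parse_modify_ace(body):
    """Return (operations, errors) for the privilege@/restriction@ parameters."""
    ops, errors, restrictions = [], [], {}
    for key, value in parse_qsl(body, keep_blank_values=True):
        if not key.startswith(("privilege@", "restriction@")):
            continue  # other form fields are outside this example's scope
        match = next(((k, p.match(key)) for k, p in PATTERNS if p.match(key)), None)
        if match is None:
            errors.append(f"unrecognised parameter name: {key}")
            continue
        kind, m = match
        if kind == "set_privilege":
            if value in PRIVILEGE_VALUES:
                ops.append((kind, m[1], PRIVILEGE_VALUES[value]))
            else:
                errors.append(f"{key}: unexpected value {value!r}")
        elif kind.startswith("delete_"):
            if value in DELETE_STATES:
                ops.append((kind, *m.groups(), value))
            else:
                errors.append(f"{key}: value must be allow, deny or all, got {value!r}")
        else:  # repeated names accumulate into one multi-value restriction
            restrictions.setdefault((m[1], m[2], m[3].lower()), []).append(value)
    ops += [("set_restriction", *k, v) for k, v in restrictions.items()]
    return ops, errors

if __name__ == "__main__":
    for item in sum(parse_modify_ace(SAMPLE_BODY), []):
        print(item)
```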
[jira] [Commented] (SLING-11243) Allow modifying an ace with more specific restriction details
[ https://issues.apache.org/jira/browse/SLING-11243?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17553144#comment-17553144 ]

Eric Norman commented on SLING-11243:
-------------------------------------

PR #15 fixes a problem where modifying an ACE should not include an allow/deny aggregate privilege when there is a deny/allow child privilege with the same restrictions as the parent

> Allow modifying an ace with more specific restriction details
> -------------------------------------------------------------
>
>                 Key: SLING-11243
>                 URL: https://issues.apache.org/jira/browse/SLING-11243
>             Project: Sling
>          Issue Type: New Feature
>            Reporter: Eric Norman
>            Assignee: Eric Norman
>            Priority: Major
>             Fix For: JCR Jackrabbit Access Manager 3.1.0
>
>          Time Spent: 3h 10m
>  Remaining Estimate: 0h
[jira] [Commented] (SLING-11243) Allow modifying an ace with more specific restriction details
[ https://issues.apache.org/jira/browse/SLING-11243?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17541090#comment-17541090 ]

Eric Norman commented on SLING-11243:
-------------------------------------

Merged PR #13 at: [{{f65fae1}}|https://github.com/apache/sling-org-apache-sling-jcr-jackrabbit-accessmanager/commit/f65fae14eba63926e06f03140d0325a9b2a8b742]

> Allow modifying an ace with more specific restriction details
> -------------------------------------------------------------
>
>                 Key: SLING-11243
>                 URL: https://issues.apache.org/jira/browse/SLING-11243
>             Project: Sling
>          Issue Type: New Feature
>            Reporter: Eric Norman
>            Assignee: Eric Norman
>            Priority: Major
>             Fix For: JCR Jackrabbit Access Manager 3.1.0
>
>          Time Spent: 2h 50m
>  Remaining Estimate: 0h
[jira] [Commented] (SLING-11243) Allow modifying an ace with more specific restriction details
[ https://issues.apache.org/jira/browse/SLING-11243?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17540235#comment-17540235 ]

Eric Norman commented on SLING-11243:
-------------------------------------

PR #13 fixes a problem related to merging of multivalue restriction values for the effective ace json output

> Allow modifying an ace with more specific restriction details
> -------------------------------------------------------------
>
>                 Key: SLING-11243
>                 URL: https://issues.apache.org/jira/browse/SLING-11243
>             Project: Sling
>          Issue Type: New Feature
>            Reporter: Eric Norman
>            Assignee: Eric Norman
>            Priority: Major
>             Fix For: JCR Jackrabbit Access Manager 3.1.0
>
>          Time Spent: 2.5h
>  Remaining Estimate: 0h
[jira] [Commented] (SLING-11243) Allow modifying an ace with more specific restriction details
[ https://issues.apache.org/jira/browse/SLING-11243?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17539056#comment-17539056 ]

Eric Norman commented on SLING-11243:
-------------------------------------

PR #11 fixes a problem where a second modifyace post reverses the entry order

> Allow modifying an ace with more specific restriction details
> -------------------------------------------------------------
>
>                 Key: SLING-11243
>                 URL: https://issues.apache.org/jira/browse/SLING-11243
>             Project: Sling
>          Issue Type: New Feature
>            Reporter: Eric Norman
>            Assignee: Eric Norman
>            Priority: Major
>             Fix For: JCR Jackrabbit Access Manager 3.0.12
>
>          Time Spent: 2h 10m
>  Remaining Estimate: 0h
[jira] [Commented] (SLING-11243) Allow modifying an ace with more specific restriction details
[ https://issues.apache.org/jira/browse/SLING-11243?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17539004#comment-17539004 ]

Eric Norman commented on SLING-11243:
-------------------------------------

PR #10 fixes redundant privileges contained in ACE when setting restriction details for a privilege that is part of an already allowed aggregate

> Allow modifying an ace with more specific restriction details
> -------------------------------------------------------------
>
>                 Key: SLING-11243
>                 URL: https://issues.apache.org/jira/browse/SLING-11243
>             Project: Sling
>          Issue Type: New Feature
>            Reporter: Eric Norman
>            Assignee: Eric Norman
>            Priority: Major
>             Fix For: JCR Jackrabbit Access Manager 3.0.12
>
>          Time Spent: 1h 40m
>  Remaining Estimate: 0h
[jira] [Commented] (SLING-11243) Allow modifying an ace with more specific restriction details
[ https://issues.apache.org/jira/browse/SLING-11243?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17520312#comment-17520312 ]

Eric Norman commented on SLING-11243:
-------------------------------------

PR #6 is now ready for review and feedback

> Allow modifying an ace with more specific restriction details
> -------------------------------------------------------------
>
>                 Key: SLING-11243
>                 URL: https://issues.apache.org/jira/browse/SLING-11243
>             Project: Sling
>          Issue Type: New Feature
>            Reporter: Eric Norman
>            Assignee: Eric Norman
>            Priority: Major
>             Fix For: JCR Jackrabbit Access Manager 3.0.12
>
>          Time Spent: 1h 10m
>  Remaining Estimate: 0h
[jira] [Commented] (SLING-11243) Allow modifying an ace with more specific restriction details
[ https://issues.apache.org/jira/browse/SLING-11243?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17520026#comment-17520026 ]

Eric Norman commented on SLING-11243:
-------------------------------------

Started Draft PR #6 with the work in progress. The functionality seems to work, but it may need some final cleanup and additional test coverage before it is ready to merge.

> Allow modifying an ace with more specific restriction details
> -------------------------------------------------------------
>
>                 Key: SLING-11243
>                 URL: https://issues.apache.org/jira/browse/SLING-11243
>             Project: Sling
>          Issue Type: New Feature
>            Reporter: Eric Norman
>            Assignee: Eric Norman
>            Priority: Major
>             Fix For: JCR Jackrabbit Access Manager 3.0.12
>
>          Time Spent: 20m
>  Remaining Estimate: 0h