New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Configurable option of Authorization (roles and permissions) for each route #162

Closed
jeevatkm opened this Issue Apr 7, 2018 · 2 comments

Comments

@jeevatkm
Member

jeevatkm commented Apr 7, 2018

The goal is to bring configurable option of Authorization at domain and route level for roles and permission.

How is authorization (Roles and Permission) check happening now?

Currently, aah user have to use Controller interceptors (Before or Before<Action> based on scenario) to do roles and permission check.

What are the benefits of having this configurable option at each route level?

  • aah performs the Authorization per configured roles and permission against logged in Subject for incoming request
    • If authorization is success then request would proceed as normal
    • If authorization is failed then aah calls error handling flow
    • If authorization check is not configured then request would proceed to controller action
  • Also you have existing flexibility and control to do you own Authorization

Configuration Syntax

# Authorization (access rights/privileges)
# 
# Note: It is not evaluated, if `<route>.auth` attribute is `anonymous`.
authorization {
  # Satisfy value is used to evaluate the result of `roles` and `permissions` attribute.
  #
  # Possible values are 
  #   - `either` => either roles or permissions should satisfy for Subject
  #   - `both`   => both roles and permissions should satisfy for Subject
  #
  # Default value is `either`.
  satisfy = "either"

  # Roles (Optional config)
  # Result of role function is evaluated as AND.
  #
  # Supported functions are `hasrole`, `hasanyrole`, `hasallroles`.
  # Roles are comma(,) separated values.
  roles = [
    "hasrole(manager)",
    "hasanyrole(role1, role2, role3)"
  ]

  # Permissions (Optional config)
  # Doc: https://docs.aahframework.org/security-permissions.html
  #
  # Result of permission function is evaluated as AND.
  #
  # Supported functions are `ispermitted`, `ispermittedall`.
  # Permissions are pipe(|) separated values.
  permissions = [
    "ispermitted(newsletter:read,write)",
    "ispermittedall(newsletter:read,write | newsletter:12345)"
  ]
}

Where to configure Authorization ?

Authorization configuration defined in routes.conf.

  • Child Route inherits parent authorization { ... } config if not defined.

  • Implementation
  • Documentation

@jeevatkm jeevatkm added this to the v0.11.0 Milestone milestone Apr 7, 2018

@jeevatkm jeevatkm self-assigned this Apr 7, 2018

@jeevatkm jeevatkm added this to v0.11.0 - Iteration in aah Roadmap Apr 7, 2018

@jeevatkm jeevatkm modified the milestone: v0.11.0 Milestone Apr 7, 2018

@jeevatkm jeevatkm moved this from v0.11.0 - Iteration to v0.11.0 - In Progress in aah Roadmap Apr 14, 2018

@jeevatkm jeevatkm moved this from v0.11.0 - In Progress to v0.11.0 - Iteration in aah Roadmap Apr 30, 2018

@jeevatkm jeevatkm moved this from v0.11.0 - Iteration to v0.11.0 - In Progress in aah Roadmap May 1, 2018

@jeevatkm jeevatkm changed the title from Configurable option of roles and permissions for each route to Configurable option of Authorization (roles and permissions) for each route May 18, 2018

@jeevatkm

This comment has been minimized.

Member

jeevatkm commented May 18, 2018

All - You're invited to discuss this spec before implementation 😄

jeevatkm added a commit to go-aah/security that referenced this issue May 24, 2018

jeevatkm added a commit to go-aah/router that referenced this issue May 24, 2018

jeevatkm added a commit to go-aah/security that referenced this issue May 24, 2018

jeevatkm added a commit that referenced this issue May 24, 2018

jeevatkm added a commit to go-aah/docs that referenced this issue May 27, 2018

@jeevatkm

This comment has been minimized.

Member

jeevatkm commented May 27, 2018

Its done 😄

@jeevatkm jeevatkm closed this May 27, 2018

aah Roadmap automation moved this from v0.11.0 - In Progress to v0.11.0 - Completed May 27, 2018

@jeevatkm jeevatkm moved this from v0.11.0 - Completed to Released to Audience in aah Roadmap Jul 7, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment