ODATA-1273 - resolved - Define mapping of permission scopes to resources #35

Merged
merged 52 commits into from
Mar 22, 2019
52 commits
b2d6e99
work started on adding http requests to capabilities
madansr7 Oct 16, 2018
d322346
added terms from initial http request draft
madansr7 Oct 16, 2018
6a8922c
updates and comments added
madansr7 Oct 20, 2018
65baee2
adding sample for discussion
madansr7 Oct 20, 2018
633b43e
added properties to other capabilities. sample created
madansr7 Oct 31, 2018
cf21704
added sample for update user
madansr7 Oct 31, 2018
36fbcfb
removed draft properties from expand and search
madansr7 Oct 31, 2018
3a0a253
updated to change examples to example. get user scenario added to sample
madansr7 Nov 1, 2018
4510fb5
removing the term selectsupport. adding new term RetrieveRestrictions
madansr7 Nov 2, 2018
fee2ae2
changed requiredScopes to scopes, available properties are nullable.
madansr7 Nov 2, 2018
a888750
removed examples since we don't need it right now and don't think its…
madansr7 Nov 7, 2018
9e14d5e
updating the name from 'SelectRestrictions' to 'RetrieveRestrictions'…
madansr7 Nov 7, 2018
bc9a16f
clean up
madansr7 Nov 8, 2018
b39607d
changed property names, added sample for action function
madansr7 Nov 10, 2018
cf0a481
adding support for actions functions. changed to available and exclud…
madansr7 Nov 15, 2018
16568ee
changes to action restriction and removed properties from deep insert
madansr7 Nov 16, 2018
413de14
changes to actionrestriction and created service headers
madansr7 Nov 21, 2018
6d33c0f
adding container configuration term. changed action term
madansr7 Nov 26, 2018
32145fb
moved operation restriction from nav restriction type to nav prop rest…
madansr7 Nov 26, 2018
a2fcd67
remove the new term serviceheaders since it exists as property in ser…
madansr7 Nov 26, 2018
85a666a
updated sample to remove headers from each call. updated sample file
madansr7 Nov 26, 2018
a044b1a
updated samples to discuss scopes and properties listings
madansr7 Dec 4, 2018
20ec904
updated comments
madansr7 Dec 4, 2018
f5590f5
updated options based on feedback
madansr7 Dec 5, 2018
27580f7
updated sample annotation. option 3 now has a term definition
madansr7 Dec 11, 2018
a3001c5
clean up and reformatting
madansr7 Dec 11, 2018
77215cb
extracting restrictions out of nested scopes. cleaner implementation
madansr7 Jan 24, 2019
fbbc0ae
clean up. updated sample and term definition to reflect to new term u…
madansr7 Jan 25, 2019
c6864ab
merging from upstream
madansr7 Jan 25, 2019
116764b
updated discussion md
madansr7 Jan 26, 2019
6a59525
vocab namespace updated, old record format removed
madansr7 Jan 30, 2019
dc234c6
removed discussion file
madansr7 Jan 31, 2019
6e9bafc
updates and clean up for PR
madansr7 Jan 31, 2019
b7d7c47
clean up
madansr7 Jan 31, 2019
b9c9a0d
updated sample and removed duplicated nodes
madansr7 Feb 4, 2019
2112c14
changed ReadRestriction to ReadRestrictionType to be consistent
madansr7 Feb 5, 2019
7e5d1fa
updating based on PR feedback
madansr7 Feb 12, 2019
3842bfb
moved sample to samples
madansr7 Feb 12, 2019
2d92b9f
changes to split custom headers, custom parameters out of sample, upd…
madansr7 Feb 13, 2019
37e2360
updated annotation description to say Identity in place of Name.
madansr7 Feb 21, 2019
1f8663b
changed complex type scope to scopeType.
madansr7 Feb 21, 2019
3ee47ae
updated gitignore to exclude local editor config
madansr7 Feb 27, 2019
df5a804
merging upstream master
madansr7 Feb 27, 2019
7be7831
removing operation name since that can be inferred from action or fun…
madansr7 Feb 27, 2019
b079798
modified ScopeType to add alias prefix Capabilities
madansr7 Feb 28, 2019
eb65647
changes based on PR comments
madansr7 Mar 7, 2019
4e0bcd0
removed duplicated readrestrictions term.
madansr7 Mar 7, 2019
1cab220
Merge branch 'master' of https://github.com/oasis-tcs/odata-vocabularies
madansr7 Mar 8, 2019
a3b394c
moved from sample to example folder. readme updated
madansr7 Mar 9, 2019
7cd40ef
indentation to 2 spaces
madansr7 Mar 12, 2019
da72b96
adjusting spaces on comments
madansr7 Mar 12, 2019
41385f0
updated description for restricted properties in scope type
madansr7 Mar 15, 2019
1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -5,3 +5,4 @@ Makefile
cmake_install.cmake cmake_install.cmake
install_manifest.txt install_manifest.txt
CTestTestfile.cmake CTestTestfile.cmake
.editorconfig
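Review bot: ignoring `.editorconfig` works against the rest of this PR. The later commits normalise the sample to 2-space indentation and adjust comment spacing by hand; `.editorconfig` is the file that lets every contributor's editor apply that convention automatically, so it is normally committed to the repository rather than treated as a local artifact. If the intent is only to keep a personal variant out of the tree, add that variant under a different name instead of ignoring the shared file.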
303 changes: 303 additions & 0 deletions examples/Org.OData.Capabilities.V1.permissions-sample.xml
@@ -0,0 +1,303 @@
<?xml version="1.0" encoding="utf-8"?>
<edmx:Edmx Version="4.0" xmlns:edmx="http://docs.oasis-open.org/odata/ns/edmx">
<edmx:DataServices>
<Schema Namespace="microsoft.graph" xmlns="http://docs.oasis-open.org/odata/ns/edm">
<Annotations Target="microsoft.graph.GraphService/users">
<Annotation Term="Org.Graph.Vocabulary.InsertRestrictions">
<Record>
<PropertyValue Property="Permissions">
<Record>
<PropertyValue Property="Scheme" String="DelegatedWork" />
<PropertyValue Property="Scopes">
<Collection>
<Record>
<PropertyValue Property="Scope" String="User.ReadWrite.All"/>
<!--
* , [PROPERTY NAME], - list
"*" denotes all properties are accessible
"Property name" used to provide access to specific properties
"-" sign prepended to property name used to exclude specific properties
Absense of the PropertyValue denotes all properties are accessible using that scope.
-->
<PropertyValue Property="RestrictedProperties">
<string>-mailboxSettings</string>
</PropertyValue>
</Record>
<Record>
<PropertyValue Property="Scope" String="MailboxSettings.ReadWrite"/>
<PropertyValue Property="RestrictedProperties">
<string>mailboxSettings</string>
</PropertyValue>
</Record>
<Record>
<PropertyValue Property="Scope" String="Directory.ReadWrite.All"/>
</Record>
<Record>
<PropertyValue Property="Scope" String="Directory.AccessAsUser.All"/>
</Record>
</Collection>
</PropertyValue>
</Record>
<Record>
<PropertyValue Property="Scheme" String="Application" />
<PropertyValue Property="Scopes">
<Collection>
<Record>
<PropertyValue Property="Scope" String="Directory.ReadWrite.All"/>
</Record>
<Record>
<PropertyValue Property="Scope" String="MailboxSettings.ReadWrite"/>
</Record>
<Record>
<PropertyValue Property="Scope" String="Directory.AccessAsUser.All"/>
</Record>
</Collection>
</PropertyValue>
</Record>
</PropertyValue>
</Record>
</Annotation>
<Annotation Term="Org.Graph.Vocabulary.UpdateRestrictions">
<Record>
<PropertyValue Property="Permissions">
<Record>
<PropertyValue Property="Scheme" String="DelegatedWork" />
<PropertyValue Property="Scopes">
<Collection>
<Record>
<PropertyValue Property="Scope" String="User.ReadWrite"/>
</Record>
<Record>
<PropertyValue Property="Scope" String="User.ReadWrite.All"/>
</Record>
<Record>
<PropertyValue Property="Scope" String="Directory.ReadWrite.All"/>
</Record>
<Record>
<PropertyValue Property="Scope" String="Directory.AccessAsUser.All"/>
</Record>
</Collection>
</PropertyValue>
</Record>
<Record>
<PropertyValue Property="Scheme" String="DelegatedPersonal" />
<PropertyValue Property="Scopes">
<Collection>
<Record>
<PropertyValue Property="Scope" String="User.ReadWrite"/>
</Record>
</Collection>
</PropertyValue>
</Record>
<Record>
<PropertyValue Property="Scheme" String="Application" />
<PropertyValue Property="Scopes">
<Collection>
<Record>
<PropertyValue Property="Scope" String="User.ReadWrite.All"/>
</Record>
<Record>
<PropertyValue Property="Scope" String="Directory.ReadWrite.All"/>
</Record>
</Collection>
</PropertyValue>
</Record>
</PropertyValue>
</Record>
</Annotation>
<!-- Read restrictions :select restrictions and then props to filter, expand, etc. -->
<Annotation Term="Org.Graph.Vocabulary.ReadRestrictions">
<Record>
<PropertyValue Property="Permissions">
<Collection>
<Record>
<PropertyValue Property="Scheme" String="DelegatedWork" />
<PropertyValue Property="Scopes">
<Collection>
<Record>
<PropertyValue Property="Scope" String="User.Read"/>
</Record>
<Record>
<PropertyValue Property="Scope" String="User.ReadWrite"/>
</Record>
<Record>
<PropertyValue Property="Scope" String="User.ReadBasic.All"/>
</Record>
<Record>
<PropertyValue Property="Scope" String="User.Read.All"/>
</Record>
<Record>
<PropertyValue Property="Scope" String="User.ReadWrite.All"/>
</Record>
<Record>
<PropertyValue Property="Scope" String="Directory.Read.All"/>
</Record>
<Record>
<PropertyValue Property="Scope" String="Directory.ReadWrite.All"/>
</Record>
<Record>
<PropertyValue Property="Scope" String="Directory.AccessAsUser.All"/>
</Record>
</Collection>
</PropertyValue>
</Record>
<Record>
<PropertyValue Property="Scheme" String="Application" />
<PropertyValue Property="Scopes">
<Collection>
<Record>
<PropertyValue Property="Scope" String="User.Read"/>
</Record>
<Record>
<PropertyValue Property="Scope" String="User.ReadWrite"/>
</Record>
<Record>
<PropertyValue Property="Scope" String="User.ReadWrite.All"/>
</Record>
<Record>
<PropertyValue Property="Scope" String="Directory.Read.All"/>
</Record>
<Record>
<PropertyValue Property="Scope" String="Directory.ReadWrite.All"/>
</Record>
</Collection>
</PropertyValue>
</Record>
</Collection>
</PropertyValue>
</Record>
</Annotation>
</Annotations>
<!-- annoations on actions/functions -->
<Annotations Target="microsoft.graph.reminderView(microsoft.graph.user, Edm.String, Edm.String)">
<!-- for a path that looks like "GET /users/{id | userPrincipalName}/reminderView(startDateTime=startDateTime-value,endDateTime=endDateTime-value)" -->
<Annotation Term="Org.Graph.Vocabulary.OperationRestrictions">
<Collection>
<Record>
<PropertyValue Property="QualifiedOperationName" String="reminderView" />
<PropertyValue Property="Permissions">
<Record>
<PropertyValue Property="Scheme" String="DelegatedWork" />
<PropertyValue Property="Scopes">
<Collection>
<Record>
<PropertyValue Property="Scope" String="Calendars.Read" />
</Record>
<Record>
<PropertyValue Property="Scope" String="Calendars.ReadWrite" />
</Record>
</Collection>
</PropertyValue>
</Record>
<Record>
<PropertyValue Property="Scheme" String="DelegatedPersonal" />
<PropertyValue Property="Scopes">
<Collection>
<Record>
<PropertyValue Property="Scope" String="Calendars.Read" />
</Record>
<Record>
<PropertyValue Property="Scope" String="Calendars.ReadWrite" />
</Record>
</Collection>
</PropertyValue>
</Record>
<Record>
<PropertyValue Property="Scheme" String="Application" />
<PropertyValue Property="Scopes">
<Collection>
<Record>
<PropertyValue Property="Scope" String="Calendars.Read" />
</Record>
<Record>
<PropertyValue Property="Scope" String="Calendars.ReadWrite" />
</Record>
</Collection>
</PropertyValue>
</Record>
</PropertyValue>
</Record>
</Collection>
</Annotation>
</Annotations>
<!-- Annotating container with Auth Schemes that contain all the scopes applicable per that security scheme. Graph has 3 security schemes, DelegatedWork, DelegatedPersonal, Application -->
<Annotations Target="microsoft.graph.GraphService">
<Annotation Term="Auth.Authorizations">
<Collection>
<Record Type="Org.OData.Authorization.V1.OAuth2Implicit">
<PropertyValue Property="Name" String="DelegatedWork"/>
<PropertyValue Property="AuthorizationUrl" String="https://graph.microsoft.com" />
<PropertyValue Property="RefreshUrl" String="https://refreshUrl" />
<PropertyValue Property="Scopes">
<Collection>
<Record>
<PropertyValue Property="Scope" String="User.ReadAll"/>
<PropertyValue Property="Description" String="Read all user data"/>
<PropertyValue Property="Grant" String="User"/>
</Record>
<Record>
<PropertyValue Property="Scope" String="User.WriteAll"/>
<PropertyValue Property="Description" String="Write all user data"/>
</Record>
<Record>
<PropertyValue Property="Scope" String="Directory.ReadAll"/>
<PropertyValue Property="Description" String="Write to directory"/>
<PropertyValue Property="Grant" String="Admin"/>
</Record>
</Collection>
</PropertyValue>
</Record>
<Record Type="Org.OData.Authorization.V1.OAuth2Implicit">
<PropertyValue Property="Name" String="DelegatedPersonal"/>
<PropertyValue Property="AuthorizationUrl" String="https://graph.microsoft.com" />
<PropertyValue Property="RefreshUrl" String="https://refreshUrl" />
<PropertyValue Property="Scopes">
<Collection>
<Record>
<PropertyValue Property="Scope" String="User.ReadAll"/>
<PropertyValue Property="Description" String="Read all user data"/>
<PropertyValue Property="Grant" String="User"/>
</Record>
<Record>
<PropertyValue Property="Scope" String="User.WriteAll"/>
<PropertyValue Property="Description" String="Write all user data"/>
<PropertyValue Property="Grant" String="User"/>
</Record>
<Record>
<PropertyValue Property="Scope" String="Directory.ReadAll"/>
<PropertyValue Property="Description" String="Write to directory"/>
<PropertyValue Property="Grant" String="User"/>
</Record>
</Collection>
</PropertyValue>
</Record>
<Record Type="Org.OData.Authorization.V1.OAuth2Implicit">
<PropertyValue Property="Name" String="Application"/>
<PropertyValue Property="AuthorizationUrl" String="https://graph.microsoft.com" />
<PropertyValue Property="RefreshUrl" String="https://refreshUrl" />
<PropertyValue Property="Scopes">
<Collection>
<Record>
<PropertyValue Property="Scope" String="User.ReadAll"/>
<PropertyValue Property="Description" String="Read all user data"/>
<PropertyValue Property="Grant" String="Admin"/>
</Record>
<Record>
<PropertyValue Property="Scope" String="User.WriteAll"/>
<PropertyValue Property="Description" String="Write all user data"/>
<PropertyValue Property="Grant" String="Admin"/>
</Record>
<Record>
<PropertyValue Property="Scope" String="Directory.ReadAll"/>
<PropertyValue Property="Description" String="Write to directory"/>
<PropertyValue Property="Grant" String="Admin"/>
</Record>
</Collection>
</PropertyValue>
</Record>
</Collection>
</Annotation>
</Annotations>
</Schema>
</edmx:DataServices>
</edmx:Edmx>
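Review bot: the sample is not a resolvable CSDL document, because every term it applies lives in a namespace or alias that is never declared. `Org.Graph.Vocabulary.InsertRestrictions`, `Org.Graph.Vocabulary.ReadRestrictions`, `Org.Graph.Vocabulary.OperationRestrictions` and `Auth.Authorizations` are used without any `<edmx:Reference>`/`<edmx:Include>` in the `<edmx:Edmx>` element, and the file name and README both say this is a Capabilities-vocabulary example, so either reference `Org.OData.Capabilities.V1` and `Org.OData.Authorization.V1` with their aliases or rename the terms; a vocabulary-aware consumer (or the repository's own validation) cannot otherwise resolve them. Within the hunk, `Permissions` has two different shapes: a single `<Record>` under InsertRestrictions and UpdateRestrictions, but a `<Collection>` of records under ReadRestrictions, and a term property can have only one type. The `RestrictedProperties` value `<string>-mailboxSettings</string>` is not valid CSDL for a collection-valued property; the element is `String` and must be wrapped, i.e. `<Collection><String>-mailboxSettings</String></Collection>`, which is also what the "* , [PROPERTY NAME], - list" comment describes (and "Absense" / "annoations" in the comments are typos). The scope catalogue on the container does not match the scopes the restrictions reference: `Auth.Authorizations` declares `User.ReadAll`, `User.WriteAll` and `Directory.ReadAll`, while the annotations require `User.Read.All`, `User.ReadWrite.All`, `Directory.ReadWrite.All`, `Directory.AccessAsUser.All`, `MailboxSettings.ReadWrite` and `Calendars.*`, so the comment's claim that the container lists "all the scopes applicable per that security scheme" does not hold, and `Directory.ReadAll` is described as "Write to directory". Two smaller points: the `Application` scheme is typed `Org.OData.Authorization.V1.OAuth2Implicit`, but app-only access is a client-credentials flow and the Authorization vocabulary has `OAuth2ClientCredentials` for it; and `QualifiedOperationName` is still present with the unqualified value `reminderView` even though commit 7be7831 says the operation name was removed because the annotation target already identifies the function.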
8 changes: 7 additions & 1 deletion examples/README.md
@@ -1,3 +1,9 @@
# Examples # Examples


<!-- describe examples here and link to them --> <!-- describe examples here and link to them -->

## Permission term example

- Permission property defined under Read, Insert, Update, Delete in the capabilities vocabulary, gives the ability to list Auth flows and scopes within those flows required to perform operations on an entity set.

The [example](/Org.OData.Capabilities.V1.permissions-sample.xml) demonstrates the use of the property.
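Review bot: the link `[example](/Org.OData.Capabilities.V1.permissions-sample.xml)` is root-relative, but the file is added beside this README in `examples/`, so the link resolves to the repository root and breaks; use the relative form `Org.OData.Capabilities.V1.permissions-sample.xml` (or `/examples/Org.OData.Capabilities.V1.permissions-sample.xml`). The bullet also says the Permission property is "defined under Read, Insert, Update, Delete in the capabilities vocabulary", yet the linked sample annotates `Org.Graph.Vocabulary.ReadRestrictions`, `InsertRestrictions` and `UpdateRestrictions` and has no Delete example; align the wording with the actual term names, and drop the comma before "gives" so the sentence has a subject and verb.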
4 changes: 4 additions & 0 deletions vocabularies/Org.OData.Authorization.V1.xml
Expand Up @@ -158,6 +158,10 @@
<Property Name="Scope" Type="Edm.String" Nullable="false"> <Property Name="Scope" Type="Edm.String" Nullable="false">
<Annotation Term="Core.Description" String="Scope name" /> <Annotation Term="Core.Description" String="Scope name" />
</Property> </Property>
<Property Name="Grant" Type="Edm.String">
<Annotation Term="Core.Description" String="Identity that has access to the scope or can grant access to the scope." />
</Property>

<Property Name="Description" Type="Edm.String" Nullable="false"> <Property Name="Description" Type="Edm.String" Nullable="false">
<Annotation Term="Core.Description" String="Description of the scope" /> <Annotation Term="Core.Description" String="Description of the scope" />
</Property> </Property>
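Review bot: the new `Grant` property's description, "Identity that has access to the scope or can grant access to the scope.", conflates two different facts (who may hold the scope versus who must consent to it), and the sample fills it with the free-form strings "User" and "Admin", so a consumer cannot tell whether `Grant="Admin"` means admin consent is required or that only administrators are issued the scope. Either split it into two properties or tighten the description to one meaning, and document the permitted values (an enumeration type would be stricter than `Edm.String`). The property is nullable by default, which is right for existing annotations that omit it, but the description should state what absence means.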