Accept two pseudo-roles "engine", "rule" at Box Level ACL settings. #431

shimono · 2019-06-14T13:14:33Z

Define the following two pseudo-roles as reserved strings and accept these values for principals in ACL settings. (ACL method, Bar file)

__rule
__engine

Example

  <grant>
    <href>__rule</href>
    <privilege><p:exec /></privilege> 
  </grant>

本機能の実装によってこれらPrincipalにのみ実行を許可するようなアクセス制御を設定することができるようになる。これらPrincipalはCellが存在する限り存在が約束されているため、Barファイルでのアクセス制御設定として前提条件をおかずに記述が可能である。

これらMain Boxと同じようにCell制御オブジェクトとしては扱わない。そのため消せないし、作れないし、ExtCellやAccountと紐づけもできない。

Related Engine modification

personium/personium-engine#34

The text was updated successfully, but these errors were encountered:

shimono self-assigned this Jun 14, 2019

shimono added enhancement security labels Jun 14, 2019

shimono added this to the 1.7.16 milestone Jun 14, 2019

shimono mentioned this issue Jun 29, 2019

Introduce "_p.asEngine()" method to return an accessor with preset "__engine" accoount and role personium/personium-engine#34

Open

shimono modified the milestones: 1.7.16, 1.7.17 Jul 8, 2019

tochi-y added the 1.7 label Jul 11, 2019

tochi-y removed this from the 1.7.17 milestone Jul 11, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Accept two pseudo-roles "engine", "rule" at Box Level ACL settings. #431

Accept two pseudo-roles "engine", "rule" at Box Level ACL settings. #431

shimono commented Jun 14, 2019 •

edited

Loading

Accept two pseudo-roles "__engine", "__rule" at Box Level ACL settings. #431

Accept two pseudo-roles "__engine", "__rule" at Box Level ACL settings. #431

Comments

shimono commented Jun 14, 2019 • edited Loading

Related Engine modification

Accept two pseudo-roles "engine", "rule" at Box Level ACL settings. #431

Accept two pseudo-roles "engine", "rule" at Box Level ACL settings. #431

shimono commented Jun 14, 2019 •

edited

Loading