You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
parent role is before child role, child role is indented from parent role
name only in datagrid
create role form (name, parent role)
edit role form (name, parent role, allowed resources)
each resource is a checkbox (allowed / not allowed)
each resource is translated (you can make use of resource naming in style wall.XXX for translations)
under / near each checkbox there is smaller text saying e.g. "Allowed by parent role XXX" or "not inherited from parents" (check recursively), this should also change after change of "parent role" input
in some later versions, we will probably implement some grouping of resources (parent resource, etc.), but there is no need to do it now
edit role users form (role, users with this role)
Other stuff:
do not forget to invalidate cache for authorizator after each relevant change
default roles should not be deletable and editable (with exception to their permissions). Also keep in mind, that default roles should have translated names (as opposed to user-created roles, which do not have translated name)
New resources:
wall.acl.roles - you can access administration of roles, create new roles and modify their permissions, but only with those resources, you have access to. You can also assign roles to users, but only those roles you have (or parents of your roles) - default availability for wall.admin.
wall.acl.allResources - you can modify all permissions, even for resources you do not have access to - default availability: wall.owner
wall.acl.allRoles - you can assign all roles to users, not only the ones you have - default availability: wall.owner
REST API:
roles
GET - list of roles for current wall (also parent role id, if any)
POST - adds new role
roles/{id}
POST - updates a role
DELETE - deletes a role, if it had children, they will receive parent of currently deleted role, users with deleted role will lose that role
roles/{id}/users
GET - list of users in that role
POST - adds new user to that role (accepts id, returns whole user in same form as in GET)
Features (in admin):
wall.XXXfor translations)Other stuff:
New resources:
wall.acl.roles- you can access administration of roles, create new roles and modify their permissions, but only with those resources, you have access to. You can also assign roles to users, but only those roles you have (or parents of your roles) - default availability forwall.admin.wall.acl.allResources- you can modify all permissions, even for resources you do not have access to - default availability:wall.ownerwall.acl.allRoles- you can assign all roles to users, not only the ones you have - default availability:wall.ownerREST API:
rolesGET- list of roles for current wall (also parent role id, if any)POST- adds new roleroles/{id}POST- updates a roleDELETE- deletes a role, if it had children, they will receive parent of currently deleted role, users with deleted role will lose that roleroles/{id}/usersGET- list of users in that rolePOST- adds new user to that role (accepts id, returns whole user in same form as inGET)roles/{roleId}/users/{userId}DELETE- deletes user from role