Define new Supported Attributes for model’s access control

Question

Define new Supported Attributes for model’s access control

Opened this issue 8 years ago · 3 comments

Created a list of new Supported Attributes required by models to implements new validator classes

Answer 1 · 2017-05-25T16:26:01.000Z

List of Attributes grouped by Model with small description:

Logs
CAN_LIST_LOGS: should have Admin or SuperAdmin role.
CAN_CREATE_LOGS: should have Admin or SuperAdmin role, or own data.
CAN_FILTER_LOGS: should have Admin or SuperAdmin role, or own data.

User
CAN_CREATE_USER: should have Admin or SuperAdmin role.
CAN_DELETE_USER: should have SuperAdmin role.
CAN_SAVE_USER: should have Admin or SuperAdmin role, or own data.

Role
CAN_DELETE_ROLE: should have SuperAdmin role.
CAN_CREATE_ROLE: should have SuperAdmin role.

Optional, that will be handled in the previous list for the first cut. All of them will check roles and owner at higher level than Symfony RoleVoter.
IS_ADMIN
IS_SUPERARMIN
IS_OWNER

Answer 2 · 2017-06-01T17:28:40.000Z

Based on @saarmstrong's feedback, attributes names were changed using Model before action:

Logs
LOGS_CAN_LIST
LOGS_CAN_CREATE
LOGS_CAN_FILTER

User
USER_CAN_CREATE
USER_CAN_DELETE
USER_CAN_SAVE

Role
ROLE_CAN_DELETE
ROLE_CAN_CREATE

Answer 3 · 2017-07-27T17:42:28.000Z

@ldaidone please update this ticket with a description that describes the status and blockers