Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Extend permission predicates to check requests content #479

Closed
ujibang opened this issue Sep 11, 2023 · 1 comment
Closed

Extend permission predicates to check requests content #479

ujibang opened this issue Sep 11, 2023 · 1 comment
Assignees
@ujibang
Labels
feature request
Milestone
7.5

Comments

@ujibang
Copy link
Contributor

ujibang commented Sep 11, 2023
edited
Loading

Brief overview

mongoAclAuthorizer and fileAclAuthorizer use predicates to define permissions.

Add new predicates to check the request content.

Rationale

In many cases it would be very useful to define a permission on the basis of the request content.

Detailed documentation

predicate    
bson-request-prop-equals true if the request content is bson and the value of the property key (can use the dot notation) is equal to value if the request content is {"sub": { "foo": "bar" }} then bson-request-prop-equals(key=sub.foo, value='"bar"') and bson-request-prop-equals(key=sub, value='{"foo": "bar"}') is true; bson-request-prop-equals(key=sub.foo, value='"baz"') is false
bson-request-array-contains true if the request content is bson and the property key (can use the dot notation) is an array that contains all values if the request content is { "a": [ "foo", "bar" ] } then bson-request-array-contains(key=a, values='"foo"' ) and bson-request-array-contains(key=a, values={ '"foo"', '"bar"' } ) aretrue; bson-request-array-contains(key=a, values={ '"foo"', '"baz"' } ) is false
bson-request-array-is-subset true if the request content is bson and the property 'key' (can use the dot notation) is an array that is a subset of 'values' if the request content is { "a": [ "foo", "bar" ] } then bson-request-array-is-subset(key=a, values={ '"foo"', '"bar"', '"baz"' }) is true; bson-request-array-is-subset(key=a, values={ '"foo"', '"baz"' }) is false

Note: the double quotes in values since each element must be valid bson such as 1 (number), "1" (string), "bar" (string) or {"foo": "bar"} (object)
@ujibang ujibang added this to the 7.5 milestone Sep 11, 2023
@ujibang ujibang self-assigned this Sep 11, 2023
ujibang added a commit that referenced this issue Sep 11, 2023
@ujibang
✨ Extend permission predicates to check requests content
bcc1f28 
#479
ujibang added a commit that referenced this issue Sep 11, 2023
@ujibang
✨ Extend permission predicates to check requests content
c98523c 
#479
ujibang added a commit that referenced this issue Sep 14, 2023
@ujibang
✨ Add permission predicate bson-request-array-is-subset
6e2636f 
#479
@ujibang
Copy link
Contributor Author

ujibang commented Sep 18, 2023

documented in https://restheart.org/docs/security/authorization#predicates

@ujibang ujibang closed this as completed Sep 18, 2023
ujibang added a commit that referenced this issue Sep 18, 2023
@ujibang
✨ Add permission predicate bson-request-array-is-subset
7243471 
#479
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ujibang ujibang

Labels
feature request
Projects
None yet
Milestone
7.5
Development

No branches or pull requests
1 participant
@ujibang