Access Control Policies
Inheritance of policies or usecases
One can block inherited policies for all usecases:
<?xml version="1.0"?>
<policy xmlns="http://www.wyona.org/security/1.0" use-inherited-policies="false">
<usecase id="view">
<!--<world permission="false"/>-->
<user id="lenya" permission="true"/>
</usecase>
<usecase id="open">
<user id="lenya" permission="true"/>
</usecase>
<usecase id="write">
<user id="lenya" permission="true"/>
</usecase>
</policy>
or for a particular usecase only:
<?xml version="1.0"?>
<policy xmlns="http://www.wyona.org/security/1.0">
<usecase id="view" use-inherited-policies="false">
<!--<world permission="false"/>-->
<user id="lenya" permission="true"/>
</usecase>
</policy>
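An added example (not part of the Yanel code base): a small Python audit that parses a policy file in the format shown above and reports, per usecase, whether parent policies can still apply and which permissions are set explicitly. It assumes that inheritance is on unless use-inherited-policies="false" appears on the policy or on the usecase; the function names and the sample policy are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{http://www.wyona.org/security/1.0}"
ATTR = "use-inherited-policies"

# Constructed sample: "view" blocks inheritance, "open" does not.
SAMPLE_POLICY = """<?xml version="1.0"?>
<policy xmlns="http://www.wyona.org/security/1.0">
  <usecase id="view" use-inherited-policies="false">
    <!--<world permission="false"/>-->
    <user id="lenya" permission="true"/>
  </usecase>
  <usecase id="open">
    <user id="lenya" permission="true"/>
  </usecase>
</policy>"""


def _inherits(element):
    # Assumption: inheritance is on unless the attribute is literally "false".
    return element.get(ATTR, "true").strip().lower() != "false"


def audit_policy(xml_text):
    """Map usecase id -> {'inherits': bool, 'grants': [(kind, id, allowed)]}."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    if root.tag != NS + "policy":
        raise ValueError("not a policy document: %r" % root.tag)
    policy_inherits = _inherits(root)
    report = {}
    for usecase in root.findall(NS + "usecase"):
        grants = []
        for child in usecase:  # XML comments are dropped by the parser
            if child.get("permission") is None:
                continue
            kind = child.tag.split("}", 1)[-1]  # "user", "world", ...
            allowed = child.get("permission").strip().lower() == "true"
            grants.append((kind, child.get("id"), allowed))
        report[usecase.get("id")] = {
            # Assumption: a block at either level switches inheritance off.
            "inherits": policy_inherits and _inherits(usecase),
            "grants": grants,
        }
    return report


def still_inheriting(report):
    """Usecases for which rules from parent policies can still apply."""
    return sorted(uc for uc, info in report.items() if info["inherits"])
```

Running still_inheriting over a policy that is meant to lock a subtree down shows which usecases were left open to parent rules, such as "open" in the sample.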
Default usecases
The default usecases are currently hard-coded within org.wyona.yanel.servlet.YanelServlet
and org.wyona.security.impl.PolicyManagerImplVersion2:
- view: Allows access to the generated content of a resource
- yanel.resource.meta: Allows access to the meta data of a resource (e.g. resource type)
- open: Allows access to the source content of a resource
- write: Allows writing/saving data to the source content of a resource
- delete: Allows deleting a resource
- resource.create: Allows creating a resource
- toolbar: Allows access to the Yanel toolbar
- introspection: Allows access to the Neutron introspection of a resource
- policy.read: Allows viewing the access policy of a resource
- policy.update: Allows modifying the access policy of a resource
Custom usecases
For example workflow transitions!
How it works
The access control directory mimics the data directory. Each file-or-dir-name.policy file sets the rules for
How to block parts of the realm
Here is an example that shows what needs to be done to block view access to all parts of a website except a special page (useful for production websites "under construction"):
- Leave the default policy open: in the