Is your feature request related to a problem / use case?
We want to avoid unwanted deletion of entities. It could happen (e.g. through human error when using administration web portals) that a user unintentionally deletes entities.
It would be great to have some protection mechanism to avoid that.
Describe the solution you'd like
A special attribute defining permissions on the entity (similar to the chmod permission in Linux-based systems). Using that attribute we could specify for instance:
The entity is read only
The entity cannot be deleted
Etc.
Let's name this attribute permissions.
Some behaviours would be implemented:
The semantics of the operation on the entity will be checked against the permissions value. If an unallowed operation is done on the entity, the proper error (400? 401? 403?... not sure at the present moment) should be returned, explaining to the user the cause of the error.
The permissions attribute could be modified to change permissions, but only in a single-attribute update operation.
Note that as long as the permissions attribute is freely modifiable, this is not thought of as a full-protection mechanism. However, it would avoid accidental entity removal because to remove an entity two operations would need to be done:
Delete the permissions attribute in the entity
Delete the entity itself
In order to increase security, we would need to implement role-based permissions (so only users with the administrator role could change the permissions attribute on entities). Maybe we could leverage PEP to do that but, anyway, it lies outside the scope of this specific issue.
Describe alternatives you've considered
None
Describe why you need this feature
To approach a new use case.
Do you have the intention to implement the solution
Yes, I have the knowledge to implement this new feature.
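
A minimal model of the behaviour proposed in the issue above, added here as an illustration and not taken from the project's code. The flag values `read-only` and `no-delete`, the `EntityStore` class and the `OperationRefused` exception are hypothetical, and the error status is left open as in the issue.

```python
PERMISSIONS_ATTR = "permissions"  # attribute name proposed in the issue
READ_ONLY = "read-only"           # assumed flag value, not defined by the issue
NO_DELETE = "no-delete"           # assumed flag value, not defined by the issue


class OperationRefused(Exception):
    """Operation conflicts with the entity's permissions (HTTP status left open)."""


class EntityStore:
    """Hypothetical in-memory store used only to model the proposed checks."""

    def __init__(self):
        self.entities = {}  # entity id -> {attribute name: value}

    def _flags(self, entity_id):
        return set(self.entities[entity_id].get(PERMISSIONS_ATTR, ()))

    def update(self, entity_id, changes):
        if PERMISSIONS_ATTR in changes:
            # Permissions may change, but never bundled with other attributes.
            if len(changes) != 1:
                raise OperationRefused("permissions can only change in a single-attribute update")
        elif READ_ONLY in self._flags(entity_id):
            raise OperationRefused(f"{entity_id} is read-only")
        self.entities[entity_id].update(changes)

    def delete_attribute(self, entity_id, name):
        if name != PERMISSIONS_ATTR and READ_ONLY in self._flags(entity_id):
            raise OperationRefused(f"{entity_id} is read-only")
        self.entities[entity_id].pop(name, None)

    def delete(self, entity_id):
        if NO_DELETE in self._flags(entity_id):
            raise OperationRefused(f"{entity_id} cannot be deleted: remove '{PERMISSIONS_ATTR}' first")
        del self.entities[entity_id]


def two_step_removal():
    """Constructed scenario: one stray delete is refused, two deliberate steps succeed."""
    store = EntityStore()
    store.entities["Room1"] = {"temperature": 21, PERMISSIONS_ATTR: [NO_DELETE]}
    try:
        store.delete("Room1")
        first_attempt = "deleted"
    except OperationRefused:
        first_attempt = "refused"
    store.delete_attribute("Room1", PERMISSIONS_ATTR)  # step 1 from the issue
    store.delete("Room1")                              # step 2 from the issue
    return first_attempt, "Room1" in store.entities
```

Because the permissions attribute itself stays freely modifiable in this model, it guards against accidents only, which matches the limitation the issue states.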