mongoAclAuthorizer and fileAclAuthorizer use predicates to define permissions.
Add new predicates to check the request content.
Rationale
In many cases it would be very useful to define a permission on the basis of the request content.
Detailed documentation
predicate
bson-request-prop-equals
true if the request content is bson and the value of the property key (can use the dot notation) is equal to value
if the request content is {"sub": { "foo": "bar" }} then bson-request-prop-equals(key=sub.foo, value='"bar"') and bson-request-prop-equals(key=sub, value='{"foo": "bar"}') is true; bson-request-prop-equals(key=sub.foo, value='"baz"') is false
bson-request-array-contains
true if the request content is bson and the property key (can use the dot notation) is an array that contains all values
if the request content is { "a": [ "foo", "bar" ] } then bson-request-array-contains(key=a, values='"foo"' ) and bson-request-array-contains(key=a, values={ '"foo"', '"bar"' } ) aretrue; bson-request-array-contains(key=a, values={ '"foo"', '"baz"' } ) is false
bson-request-array-is-subset
true if the request content is bson and the property 'key' (can use the dot notation) is an array that is a subset of 'values'
if the request content is { "a": [ "foo", "bar" ] } then bson-request-array-is-subset(key=a, values={ '"foo"', '"bar"', '"baz"' }) is true; bson-request-array-is-subset(key=a, values={ '"foo"', '"baz"' }) is false
Note: the double quotes in values since each element must be valid bson such as 1 (number), "1" (string), "bar" (string) or {"foo": "bar"} (object)
Brief overview
mongoAclAuthorizer
andfileAclAuthorizer
use predicates to define permissions.Add new predicates to check the request content.
Rationale
In many cases it would be very useful to define a permission on the basis of the request content.
Detailed documentation
bson-request-prop-equals
true
if the request content is bson and the value of the propertykey
(can use the dot notation) is equal tovalue
{"sub": { "foo": "bar" }}
thenbson-request-prop-equals(key=sub.foo, value='"bar"')
andbson-request-prop-equals(key=sub, value='{"foo": "bar"}')
istrue
;bson-request-prop-equals(key=sub.foo, value='"baz"')
isfalse
bson-request-array-contains
true
if the request content is bson and the propertykey
(can use the dot notation) is an array that contains allvalues
{ "a": [ "foo", "bar" ] }
thenbson-request-array-contains(key=a, values='"foo"' )
andbson-request-array-contains(key=a, values={ '"foo"', '"bar"' } )
aretrue
;bson-request-array-contains(key=a, values={ '"foo"', '"baz"' } )
isfalse
bson-request-array-is-subset
true
if the request content is bson and the property 'key' (can use the dot notation) is an array that is a subset of 'values'{ "a": [ "foo", "bar" ] }
thenbson-request-array-is-subset(key=a, values={ '"foo"', '"bar"', '"baz"' })
istrue
;bson-request-array-is-subset(key=a, values={ '"foo"', '"baz"' })
isfalse
Note: the double quotes in
values
since each element must be valid bson such as1
(number),"1"
(string),"bar"
(string) or{"foo": "bar"}
(object)