Closed flymedllva closed 1 year ago
Hey Dmitry, thanks for your question. There are no current plans to extend OperationPermissions
at this time. One of the design goals of Bramble is to keep the gateway as stateless and service-agnostic as possible. In your example, some amount of stateful lookup would be required to be performed by the gateway to determine whether access is authorised. IMHO this is best dealt with by underlying services and not the gateway itself. I would recommend you develop your authorisation logic in two passes - one coarse pass implemented at the gateway level (who can access which fields) and a second fine grained pass that contains more advance logic and is implemented by the underlying services. Hope that helps!
I would like to know if there are plans to develop
OperationPermissions
to support more complex rights sharing schemes?Is it possible to make the role in
OperationPermissions
dependent on the type ID?As an example of a scheme
Let's say we have two houses with
IDs 10, 20
respectivelyWe want to make a separate role for each house, say:
owner_home_10
owner_home_20
Also for each house we want to divide groups of people into windows and doors:
owner_home_10_view_doors
owner_home_10_view_windows
owner_home_20_view_doors
owner_home_20_view_windows
If we have the role owner_home_10 we can view
owner_home_10_view_doors
andowner_home_10_view_windows
, but we cannot viewowner_home_20_view_doors
andowner_home_20_view_windows
Since the
Home
s are created through an API need some mechanism for dynamically updating roles, say from an external service For example, if you have created aHome
withID 30
and the user requested an object with this ID you need to dynamically load the information about the role for this type