Both sides previous revision
Previous revision
|
Next revision
Both sides next revision
|
devel:documentation:security:dev:authorization [2020/03/03 15:59] kopro add tags |
devel:documentation:security:dev:authorization [2020/03/26 20:05] tomiskar [IdentityFormValueEvaluator] |
* **By permission to update user** (''owner-update'') - Add permission to attributes of users, which can be updated by the logged user (for example, when logged user can update identity, then he can update attributes too). | * **By permission to update user** (''owner-update'') - Add permission to attributes of users, which can be updated by the logged user (for example, when logged user can update identity, then he can update attributes too). |
* **By permission to read user** (''owner-read'') - Add permission to attributes of users, which can be read by the logged user (for example, when logged user can read identity, then he can update attributes). | * **By permission to read user** (''owner-read'') - Add permission to attributes of users, which can be read by the logged user (for example, when logged user can read identity, then he can update attributes). |
| |
| ==== IdentityContractFormValueEvaluator ==== |
| |
| @since 10.2.0 |
| |
| <note tip>Since version **10.2.0**, it is possible to define permissions not only for contract as a whole, but also for **individual attributes**. This means that it is now possible for one user to view (or edit) all his attributes, and only one attribute for the other.</note> |
| |
| <note important>The permissions control for a particular attribute is now only available for extended attributes (EAV).</note> |
| |
| Permissions to contract form attribute values. By definition (main if not specified) and attrinute codes (all if not specified). |
| Configure permissions for form definitions together with this evaluator - ''FORMDEFINITION_AUTOCOMPLETE'' is needed for read / update form values in this definition. |
| |
| === Parameters === |
| * **Form definition** (''form-definition'') - Select definition, which contains attributes. Main definition will be used as default. |
| * **Attributes** (''attributes'') - Add permission to attributes. All attributes from selected form definition will be used as default. All attributes or attribute codes (use comma as separator). |
| * **By permission to update contract** (''owner-update'') - Add permission to attributes of contracts, which can be updated by the logged user (for example, when logged user can update contract, then he can update attributes too). |
| * **By permission to read contract** (''owner-read'') - Add permission to attributes of contracts, which can be read by the logged user (for example, when logged user can read contract, then he can update attributes). |
| |
| |
==== RoleCatalogueRoleByRoleEvaluator ==== | ==== RoleCatalogueRoleByRoleEvaluator ==== |