Differences

This shows you the differences between two versions of the page.

--- devel:documentation:security:dev:authorization [2020/04/15 06:44]
tomiskar [IdentityContractByIdentityEvaluator]
+++ devel:documentation:security:dev:authorization [2020/04/15 08:42]
tomiskar
@@ Line 114: / Line 114: @@
 ==== SubordinatesEvaluator ====
-A permission for identities which are my subordinates. [[..:..:architecture:dev:filters#defaultsubordinatesfilter|Overloadable filters]] are used for evaluating subordinates or managers.
+A permission for contracts which are my subordinates. [[..:..:architecture:dev:filters#defaultsubordinatesfilter|Overloadable filters]] are used for evaluating subordinates or managers.
+==== SubordinateContractEvaluator ====
+@since 10.3.0
+A permission for identities which are my subordinate contracts. [[..:..:architecture:dev:filters#defaultcontractbymanagerfilter|Overloadable filters]] are used for evaluating subordinate contracts or contract managers.
 ==== IdentityContractByIdentityEvaluator ====
@@ Line 137: / Line 143: @@
 Gives a permission for assigned roles according to the permission for the identity => e.g. If I have a permission to read an identity, I have a permission to read its assigned roles. ''AbstractTransitiveEvaluator'' is used here. If I have a permission to edit the identity, I have a permission to edit (add or delete) its assigned roles.
+==== IdentityRoleByContractEvaluator ====
+@since 10.3.0
+Gives a permission for assigned roles according to the permission for the contract => e.g. If I have a permission to read an contract, I have a permission to read its assigned roles. ''AbstractTransitiveEvaluator'' is used here. If I have a permission to edit the contract, I have a permission to edit (add or delete) its assigned roles. Logged identity can see / edit roles assigned to managed contracts only.
 ==== IdentityRoleByRoleEvaluator ====