Differences

This shows you the differences between two versions of the page.

--- devel:documentation:security:dev:authorization [2020/05/04 11:43]
tomiskar
+++ devel:documentation:security:dev:authorization [2020/05/07 06:18]
kopro
@@ Line 105: / Line 105: @@
 Serves as a parent for evaluating permissions according to the derived objects - for example, I have a permission for the assigned role if I have a permission for the identity, etc. See the children of this abstract class below (''IdentityContractByIdentityEvaluator'').
+=== Parameters ===
+  * **Use permissions** (''include-permissions'') - Only selected permissions can be used from owner permissions transitively. Configuration property has to be used in evaluator configuration properties (in evaluator form attributes) and ''getPredicate method'' has to check evaluated permission is selected (see ''IdentityContractByIdentityEvaluator'' for example).
 ==== BasePermissionEvaluator ====
@@ Line 144: / Line 147: @@
 Gives a permission for industrial relations according to the permission for identity => e.g. if I have a permission to read an identity, I have a permission to read its IR. ''AbstractTransitiveEvaluator'' is used here.
+=== Parameters ===
+  * **Use permissions** (''include-permissions'') - Only selected permissions can be used from identity permissions transitively.
 <note warning>Prevent to combine with ''IdentityByContractEvaluator'' - configure one of them.</note>
@@ Line 376: / Line 382: @@
 [[devel:documentation:roles:dev:universal_requests#permissions| Universal request agenda]]
+==== RoleByRoleCatalogueEvaluator ====
+@since 10.3.0 for **LTS version** is available similar evaluator in [[devel:documentation:modules_extras:role_evaluator_by_role_catalogue|extras module]].
+Documentation for the evaluator is available [[devel:documentation:security:dev:authorization:role_evaluator_by_role_catalogue|there]].
 ===== Default policies =====