From 846177cbd524048e39786a164f75b01f8e4e3ff4 Mon Sep 17 00:00:00 2001 From: Yoann Abbes Date: Tue, 7 May 2019 11:04:24 +0200 Subject: [PATCH 1/7] template role --- .../controller-security/create-role/index.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/src/api/1/controller-security/create-role/index.md b/src/api/1/controller-security/create-role/index.md index 57065a58c..8bc8e85c1 100644 --- a/src/api/1/controller-security/create-role/index.md +++ b/src/api/1/controller-security/create-role/index.md @@ -19,6 +19,7 @@ Method: POST Body: ``` +If you want a super admin role, you would do as follow : ```js { "controllers": { @@ -31,6 +32,24 @@ Body: } ``` +For an example, if you want your it to be a document writer, you can define it as follow : + +```js +{ + "controllers": { + "document": { + "actions": { + "create": true, + "createOrReplace": true, + "replace": true, + "update": true, + "delete": true + } + } + } +} +``` + ### Other protocols ```js From 3b595f63b2ea4535a2a3d50a2af9cf92576c0ac8 Mon Sep 17 00:00:00 2001 From: Yoann Abbes Date: Tue, 7 May 2019 13:56:00 +0200 Subject: [PATCH 2/7] add template role admin console --- src/api/1/controller-security/create-role/index.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/src/api/1/controller-security/create-role/index.md b/src/api/1/controller-security/create-role/index.md index 8bc8e85c1..96da93d2f 100644 --- a/src/api/1/controller-security/create-role/index.md +++ b/src/api/1/controller-security/create-role/index.md @@ -50,6 +50,20 @@ For an example, if you want your it to be a document writer, you can define it a } ``` +Another example for an admin console role would be : + +```js +{ + "controllers": { + "security": { + "actions": { + "*": true + } + } + } +} +``` + ### Other protocols ```js From 80222d0fc7860f2aa6602f6f86abbe87f30e7bae Mon Sep 17 00:00:00 2001 From: Yoann Abbes Date: Tue, 7 May 2019 15:57:30 +0200 Subject: [PATCH 3/7] change template role --- src/api/1/controller-security/create-role/index.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/api/1/controller-security/create-role/index.md b/src/api/1/controller-security/create-role/index.md index 96da93d2f..4d83612a5 100644 --- a/src/api/1/controller-security/create-role/index.md +++ b/src/api/1/controller-security/create-role/index.md @@ -55,9 +55,12 @@ Another example for an admin console role would be : ```js { "controllers": { - "security": { + "auth": { "actions": { - "*": true + "login": true, + "checkToken": true, + "getCurrentUser": true, + "getMyRights": true } } } From a0eca52410985ee81026ea878878076e838e05a4 Mon Sep 17 00:00:00 2001 From: Yoann Abbes Date: Tue, 7 May 2019 18:12:44 +0200 Subject: [PATCH 4/7] change template role --- .../controller-security/create-role/index.md | 21 +------------------ 1 file changed, 1 insertion(+), 20 deletions(-) diff --git a/src/api/1/controller-security/create-role/index.md b/src/api/1/controller-security/create-role/index.md index 4d83612a5..cd0ba4411 100644 --- a/src/api/1/controller-security/create-role/index.md +++ b/src/api/1/controller-security/create-role/index.md @@ -31,26 +31,7 @@ If you want a super admin role, you would do as follow : } } ``` - -For an example, if you want your it to be a document writer, you can define it as follow : - -```js -{ - "controllers": { - "document": { - "actions": { - "create": true, - "createOrReplace": true, - "replace": true, - "update": true, - "delete": true - } - } - } -} -``` - -Another example for an admin console role would be : +For an example, for an admin console role with minimum rights to connect would be : ```js { From 4f98ed129d798a17b4dd4a01e26600465ee3515f Mon Sep 17 00:00:00 2001 From: Yoann Abbes Date: Mon, 13 May 2019 09:23:59 +0200 Subject: [PATCH 5/7] template role --- .../1/controller-security/create-role/index.md | 17 ----------------- src/guide/1/essentials/security/index.md | 7 ++++--- 2 files changed, 4 insertions(+), 20 deletions(-) diff --git a/src/api/1/controller-security/create-role/index.md b/src/api/1/controller-security/create-role/index.md index cd0ba4411..57065a58c 100644 --- a/src/api/1/controller-security/create-role/index.md +++ b/src/api/1/controller-security/create-role/index.md @@ -19,7 +19,6 @@ Method: POST Body: ``` -If you want a super admin role, you would do as follow : ```js { "controllers": { @@ -31,22 +30,6 @@ If you want a super admin role, you would do as follow : } } ``` -For an example, for an admin console role with minimum rights to connect would be : - -```js -{ - "controllers": { - "auth": { - "actions": { - "login": true, - "checkToken": true, - "getCurrentUser": true, - "getMyRights": true - } - } - } -} -``` ### Other protocols diff --git a/src/guide/1/essentials/security/index.md b/src/guide/1/essentials/security/index.md index d62a3f5ef..9ed4fc713 100644 --- a/src/guide/1/essentials/security/index.md +++ b/src/guide/1/essentials/security/index.md @@ -79,7 +79,7 @@ The `action permission` value can be set to either: - a boolean. If `true`, the `role` allows the given action. - {{{deprecated "1.4.0"}}} an object describing a dynamic right definition. For more information check out the advanced roles documentation. -As an example, below is the `role` definition that Kuzzle uses to request authorization from the anonymous user once the administrator account is created and anonymous access is blocked. +As an example, below is the `role` definition for minimum rights on admin console : ```js { @@ -88,14 +88,15 @@ As an example, below is the `role` definition that Kuzzle uses to request author "actions": { "login": true, "checkToken": true, - "getCurrentUser": true + "getCurrentUser": true, + "getMyRights": true } } } } ``` -In the above `role` definition, anonymous users can perform the `login`, `checkToken` and `getCurrentUser` actions of the `auth` controller. +In the above `role` definition, anonymous users can perform the `login`, `checkToken`, `getCurrentUser` and `getMyRights` actions of the `auth` controller. For a list of available controllers and actions from Kuzzle's API by sending a `GET` request as follows: From 6bae57dabbfdd3574a104b3d2f8ab9119483b39d Mon Sep 17 00:00:00 2001 From: Yoann Abbes Date: Tue, 14 May 2019 10:23:48 +0200 Subject: [PATCH 6/7] add backlinks --- src/guide/1/essentials/security/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/guide/1/essentials/security/index.md b/src/guide/1/essentials/security/index.md index 9ed4fc713..df5b9ae91 100644 --- a/src/guide/1/essentials/security/index.md +++ b/src/guide/1/essentials/security/index.md @@ -96,7 +96,7 @@ As an example, below is the `role` definition for minimum rights on admin consol } ``` -In the above `role` definition, anonymous users can perform the `login`, `checkToken`, `getCurrentUser` and `getMyRights` actions of the `auth` controller. +In the above `role` definition, anonymous users can perform the [login]({{ site_base_path }}api/1/controller-auth/login/), [checkToken]({{ site_base_path }}api/1/controller-auth/check-token/), [getCurrentUser]({{ site_base_path }}api/1/controller-auth/get-current-user/) and [getMyRights]({{ site_base_path }}api/1/controller-auth/get-my-rights/) actions of the `auth` controller. For a list of available controllers and actions from Kuzzle's API by sending a `GET` request as follows: From c3aceece5d0427565e76fb6351f736fe28300b1c Mon Sep 17 00:00:00 2001 From: Yoann Abbes Date: Wed, 15 May 2019 14:54:42 +0200 Subject: [PATCH 7/7] description role example --- src/guide/1/essentials/security/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/guide/1/essentials/security/index.md b/src/guide/1/essentials/security/index.md index df5b9ae91..3cfa9793a 100644 --- a/src/guide/1/essentials/security/index.md +++ b/src/guide/1/essentials/security/index.md @@ -79,7 +79,7 @@ The `action permission` value can be set to either: - a boolean. If `true`, the `role` allows the given action. - {{{deprecated "1.4.0"}}} an object describing a dynamic right definition. For more information check out the advanced roles documentation. -As an example, below is the `role` definition for minimum rights on admin console : +As an example, below is the `role` definition that Kuzzle uses to request authorization from the anonymous user once the administrator account is created and anonymous access is blocked. ```js {