Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Don't treat colon as a permission-to-action separator in @PermissionChecker value attribute #45364

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Don't treat colon as a permission-to-action separator in @PermissionChecker value attribute #45364

wants to merge 1 commit into from

Conversation

michalvavrik
Copy link
Member

@michalvavrik michalvavrik commented Jan 4, 2025
edited
Loading

  • closes: PermissionChecker does not handle list of permission correctly #45224
  • intention of this PR is to keep matching between @PermissionsAllowed and @PermissionChecker simple, because : can be used inside claims etc. without having a special meaning (like the permission-to-actions separator); see linked issue
  • there was a build-time validation that prevented using the permission-to-action separator in the @PermissionChecker
  • agreed behavior:
    • colon used in the @PermissionChecker is just a plain character
    • @PermissionsAllowed and @PermissionChecker values are matched based on a string equality, no actions exist
    • when @PermissionsAllowed attribute inclusive is set to true and read is granted by a permission checker, then all the read:all, read:whatever inside same annotation instance value also require a permission checker; this is important because normally it would be one permission, not 3 checkers and it adds complexity

@quarkus-bot quarkus-bot bot added area/docstyle issues related for manual docstyle review area/documentation area/security labels Jan 4, 2025
@github-actions GitHub Actions
Copy link

github-actions bot commented Jan 4, 2025

🎊 PR Preview cd9d9f0 has been successfully built and deployed to https://quarkus-pr-main-45364-preview.surge.sh/version/main/guides/

  • Images of blog posts older than 3 months are not available.
  • Newsletters older than 3 months are not available.

@quarkus-bot quarkus-bot
Copy link

quarkus-bot bot commented Jan 4, 2025

Status for workflow Quarkus Documentation CI

This is the status report for running Quarkus Documentation CI on commit 474d17a.

✅ The latest workflow run for the pull request has completed successfully.

It should be safe to merge provided you have a look at the other checks in the summary.

Warning

There are other workflow runs running, you probably need to wait for their status before merging.

@quarkus-bot quarkus-bot
Copy link

quarkus-bot bot commented Jan 4, 2025
edited by github-actions bot
Loading

Status for workflow Quarkus CI

This is the status report for running Quarkus CI on commit 474d17a.

✅ The latest workflow run for the pull request has completed successfully.

It should be safe to merge provided you have a look at the other checks in the summary.

You can consult the Develocity build scans.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sberyozkin sberyozkin Awaiting requested review from sberyozkin

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
area/docstyle issues related for manual docstyle review area/documentation area/security
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

PermissionChecker does not handle list of permission correctly
1 participant
@michalvavrik