Structr provides graph-based permission resolution to control access rights for non-admin users based on a domain security model. By setting rules for how access rights are propagated over relationships in the graph, the effective access permissions can be controlled.

[Figure: example schema]

In the above example, the schema is configured in such a way that users with the maintains relationship to a ProductGroup will have access to any Product object in the group they maintain, but not to the subgroups of the given group.

Schema relationships that are configured to allow domain permission resolution are called active relationships. Active relationships are displayed in a different color than normal relationships in the schema editor.

How does it work?

When a non-admin user accesses a private object (e.g. a Product node from the above example schema), Structr tries to find a connected path of active relationships from the user to the accessed entity. Each step of the path controls addition and removal of each of the four permission flags in Structr individually. The path will be evaluated sequentially, starting from the accessing user.

In detail: We assume that a user with the maintains relationship on a given ProductGroup tries to access a Product contained in that group. Structr will then execute the following steps:

  1. Find a path from User to Product
  2. Evaluate the path, starting from the User entity
  3. Modify the effective permissions according to each step’s settings
  4. Collect the list of hidden properties according to each step’s settings
  5. Allow / deny access based on the evaluation result
  6. Store / cache the evaluated path

Successful path evaluation

  • The User-[:maintains]->ProductGroup relationship is configured to add the read and write permissions
  • The ProductGroup-[:contains]->Product relationship is configured to keep read and write
  • The effective permissions at the end of the evaluation process are read and write

Unsuccessful path evaluation

Let’s assume a user wants to access a product that is not contained in the product group they have access to, but in a subgroup of that group. In this case, Structr cannot find a connected path of active relationships, and the permission resolution fails.

Options for permission resolution

| Value | Description |
|---|---|
| NONE | Permission resolution not active |
| SOURCE_TO_TARGET | Permission resolution active from source node to target node |
| TARGET_TO_SOURCE | Permission resolution active from target node to source node |
| BOTH | Permission resolution active regardless of relationship direction |

Options for read, write, delete and accessControl

| Value | Description |
|---|---|
| Remove | Removes this permission |
| Keep | Keeps this permission |
| Add | Adds this permission |

Hidden Properties

Properties listed in the Hidden Properties input field are removed from the JSON output of an entity that is accessed over a permission resolution path. For example, to remove the properties price and value from the JSON output of the Product entity in the above example, the hidden properties input field should contain

price, value
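
The evaluation described on this page, modeled as an added example (a sketch, not Structr's own code): it walks active relationships in their configured direction, applies Add / Keep / Remove per flag at each step, and collects hidden properties. The node ids, the `subgroup` relationship name and the choice of the shortest path when several exist are assumptions; caching of evaluated paths is left out.

```python
from collections import deque

# Constructed model of the example schema. Each entry is
# (source, type, target, propagation, per-flag actions, hidden properties).
RELS = [
    ("user:alice", "maintains", "group:tools", "SOURCE_TO_TARGET",
     {"read": "Add", "write": "Add", "delete": "Keep", "accessControl": "Keep"}, []),
    ("group:tools", "contains", "product:hammer", "SOURCE_TO_TARGET",
     {"read": "Keep", "write": "Keep", "delete": "Remove", "accessControl": "Remove"},
     ["price", "value"]),
    # Hypothetical relationship name; NONE means it is not an active relationship.
    ("group:tools", "subgroup", "group:power-tools", "NONE", {}, []),
    ("group:power-tools", "contains", "product:drill", "SOURCE_TO_TARGET",
     {"read": "Keep", "write": "Keep", "delete": "Remove", "accessControl": "Remove"}, []),
]

def steps_from(node):
    """Yield (next_node, actions, hidden) for active relationships usable from node."""
    for src, _type, dst, propagation, actions, hidden in RELS:
        if src == node and propagation in ("SOURCE_TO_TARGET", "BOTH"):
            yield dst, actions, hidden
        elif dst == node and propagation in ("TARGET_TO_SOURCE", "BOTH"):
            yield src, actions, hidden

def apply_step(perms, actions):
    """Apply one step to each flag individually; Keep leaves a flag unchanged."""
    added = {f for f, a in actions.items() if a == "Add"}
    removed = {f for f, a in actions.items() if a == "Remove"}
    return frozenset((set(perms) | added) - removed)

def resolve(user, target):
    """Return (permissions, hidden properties) along the first path found, else None."""
    queue = deque([(user, frozenset(), frozenset())])
    seen = {user}
    while queue:
        node, perms, hidden = queue.popleft()
        if node == target:
            return perms, hidden
        for nxt, actions, step_hidden in steps_from(node):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, apply_step(perms, actions), hidden | frozenset(step_hidden)))
    return None  # no connected path of active relationships: resolution fails

def read_view(user, target, entity):
    """JSON-style view of entity for user, or None if read is not granted."""
    resolved = resolve(user, target)
    if resolved is None or "read" not in resolved[0]:
        return None
    return {k: v for k, v in entity.items() if k not in resolved[1]}
```
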

About this article
Last change 2017-05-04
Topics Security, Structr 2.0