Structr provides graph-based permission resolution to control access rights for non-admin users based on a domain security model. By setting rules for how access rights are propagated over relationships in the graph, the effective access permissions can be controlled.

fig

In the above example, the schema is configured in such a way that users with the maintains relationship to a ProductGroup will have access to any Product object in the group they maintain, but not to the subgroups of the given group.

Schema relationships that are configured to allow domain permission resolution are called active relationships. Active relationships are displayed in a different color than normal relationships in the schema editor.

How does it work?

When a non-admin user accesses a private object (e.g. a Product node from the above example schema), Structr tries to find a path which ADDs the requested right or KEEPs the requested right from a node the user has the specific right on.

In detail: We assume that a user who has read access to a ProductGroup tries to access a Product contained in that group (for which the user does not have direct rights).
Structr will then traverse the active relationship(s) until a path is found which ADDs or KEEPs the requested right.

Successful path evaluation

  • The ProductGroup-[:contains]->Product relationship is configured to keep read and write
  • The effective permissions at the end of the evaluation process are read and write

Unsuccessful path evaluation

Let’s assume a user wants to access a product that is not contained in the product group he/she has access to, but in a subgroup of the given group. In this case, Structr will not be able to find a connected path of active relationships and will fail the permission resolution.

Options for permission resolution

ValueDescription
NONEPermission resolution not active
SOURCE_TO_TARGETPermission resolution active from source node to target node
TARGET_TO_SOURCEPermission resolution active from target node to source node
BOTHPermission resolution active regardless of relationship direction

Options for read, write, delete and accessControl

ValueDescription
RemoveRemoves this permission
KeepKeeps this permission
AddAdds this permission

Hidden Properties

Properties in the Hidden Properties input field are removed from the JSON output of an entity accessed over a permission resolution path. If you for example want to remove the properties price and value from the JSON output of the Product entity in the above example, the hidden properties input field should contain

price, value

Graph-Browser

Related Articles
About this article
Last change 2018-02-09
Topics SecurityStructr 2.0