12.13.0 (backend only)

New features - GZAC edition

Access control for Objects

Access control checks have been implemented for interaction with the Objecten API. Because Objects and Objecttypes are not part of the GZAC database, permissions for them are limited to an action only. The following actions are available:

  • view

  • view_list

  • create

  • modify

  • delete

An example of Object permissions looks as follows:

"permissions": [
    {
        "resourceType": "com.ritense.objectenapi.security.Object",
        "action": "create"
    },
    {
        "resourceType": "com.ritense.objectenapi.security.Object",
        "action": "modify"
    },
    {
        "resourceType": "com.ritense.objectenapi.security.Object",
        "action": "view"
    },
    {
        "resourceType": "com.ritense.objectenapi.security.Object",
        "action": "view_list"
    },
    {
        "resourceType": "com.ritense.objectenapi.security.Object",
        "action": "delete"
    }
]

To reduce the impact of this breaking change, an application property has been added to disable the access control checks for Objects. Either of the following can be set to false:

  • valtimo.authorization.objectenapi.enabled (application property), or

  • VALTIMO_AUTHORIZATION_OBJECTENAPI_ENABLED (environment variable)
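As an added example (not part of the Valtimo/GZAC code base), the following Python script audits a permissions document of the shape shown above: it reports which of the five Object actions are granted, which are missing, and which entries use an action outside that list or carry more than an action. The function name, the top-level "permissions" wrapper, and the sample input (including its `conditions` key and the `com.example.Other` resource type) are assumptions constructed for illustration.

```python
import json

OBJECT_TYPE = "com.ritense.objectenapi.security.Object"
# The five actions listed in these release notes.
ACTIONS = {"view", "view_list", "create", "modify", "delete"}


def audit_object_permissions(document):
    """Summarise the Object permissions in a parsed {"permissions": [...]} document."""
    granted, unknown, extra = set(), [], []
    for index, entry in enumerate(document.get("permissions", [])):
        if entry.get("resourceType") != OBJECT_TYPE:
            continue  # other resource types are out of scope for this audit
        action = entry.get("action")
        if action in ACTIONS:
            granted.add(action)
        else:
            unknown.append((index, action))  # typo or unsupported action
        # Object permissions carry only an action; report any other key for review.
        others = sorted(set(entry) - {"resourceType", "action"})
        if others:
            extra.append((index, others))
    return {
        "granted": sorted(granted),
        "missing": sorted(ACTIONS - granted),
        "unknown": unknown,
        "extra_keys": extra,
    }


# Constructed sample: one misspelled action, one entry with an extra key,
# and one entry for a hypothetical unrelated resource type.
SAMPLE = json.loads("""
{
  "permissions": [
    {"resourceType": "com.ritense.objectenapi.security.Object", "action": "view"},
    {"resourceType": "com.ritense.objectenapi.security.Object", "action": "list"},
    {"resourceType": "com.ritense.objectenapi.security.Object", "action": "modify",
     "conditions": []},
    {"resourceType": "com.example.Other", "action": "view_list"}
  ]
}
""")

if __name__ == "__main__":
    print(json.dumps(audit_object_permissions(SAMPLE), indent=2))
```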
