PowerOn/wiki
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

rbac doc adapted

Browse source
This commit is contained in:
ValueOn AG 2025-12-07 23:51:31 +01:00
parent a953c51c10
commit 118fd1711f
1 changed files with 38 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

57
appdoc/doc_security_role_based_access.md
View file

@ -47,31 +47,50 @@ The new RBAC system implements a **matrix-based access model** with database-lev
### Frontend Options Format
The `frontend_options` attribute in Field definitions supports two formats:
The `frontend_options` attribute in Field definitions supports **two formats**:
1. **Static List** (for basic data types): A list of option dictionaries
```python
frontend_options=[
{"value": "a", "label": {"en": "All Records", "fr": "Tous les enregistrements"}},
{"value": "m", "label": {"en": "My Records", "fr": "Mes enregistrements"}}
]
```
#### 1. Static List (for basic data types)
A list of option dictionaries for static, predefined options:
```python
frontend_options=[
{"value": "a", "label": {"en": "All Records", "fr": "Tous les enregistrements"}},
{"value": "m", "label": {"en": "My Records", "fr": "Mes enregistrements"}}
]
```
2. **String Reference** (for custom types): A string identifier that references dynamic options
```python
frontend_options="user.role" # Frontend fetches from /api/options/user.role
```
**Use static lists when:**
- Options are fixed and don't change based on user context
- Options are simple enums or constants
- Options don't require database queries
**Dynamic Options API**: When `frontend_options` is a string reference, the frontend must fetch options from `/api/options/{optionsName}`. This allows for:
- Database-driven options (e.g., user connections loaded from database)
- Context-aware options (e.g., options filtered by current user's permissions)
- Centralized option management (e.g., role definitions managed in one place)
#### 2. String Reference (for dynamic/custom types)
A string identifier that references dynamic options from the Options API:
```python
frontend_options="user.role" # Frontend fetches from /api/options/user.role
```
**Use string references when:**
- Options come from the database (e.g., user connections)
- Options are context-aware (filtered by current user's permissions)
- Options need centralized management (e.g., role definitions)
- Options may change frequently
**Dynamic Options API**: When `frontend_options` is a string reference, the frontend must:
1. Detect that it's a string (not a list)
2. Fetch options from `/api/options/{optionsName}`
3. Use the returned options for the select/multiselect field
**Available Option Names**:
- `"user.role"` - User role options (sysadmin, admin, user, viewer)
- `"user.connection"` - User connection types
- `"auth.authority"` - Authentication authorities
- `"connection.status"` - Connection statuses
- `"user.connection"` - User connection types (context-aware, requires currentUser)
- `"auth.authority"` - Authentication authorities (local, google, msft)
- `"connection.status"` - Connection statuses (active, inactive, expired, error)
**Type Definition**: The `frontend_options` attribute is typed as `Union[List[Dict[str, Any]], str]`:
- `List[Dict[str, Any]]`: Static list format
- `str`: String reference format
See `gateway/modules/shared/frontendOptionsTypes.py` for type definitions and utility functions.
### Access Rule Model