Enhance "In" condition for the access policies #123

aamplugin · 2020-06-03T00:48:05Z

Currently, the expected "In" condition is the following:

"In": {
     "administrator": "(*array)${USER.capabilities}"
 }

The left part is the scalar value, while the right part is an array of scalar values.

It would be nice to extend this type of condition by allowing the left part to be an array too. This way we can build an "array intersect" condition when the condition evaluates to true if ALL values in the left array are found in the right array.

The perfect example is the statement that is applicable ONLY if user belongs to two roles:

{
    "Effect": "deny",
    "Resource": "Post:project:posts:read",
    "Condition": {
        "In": {
            "(*array)${USER.roles}": ["subscriber", "reader"]
        }
    }
}

or something like:

{
    "Effect": "deny",
    "Resource": "Post:project:posts:read",
    "Condition": {
        "In": {
            "(*array)[\"subscriber\", \"reader\"]": "(*array)${USER.roles}"
        }
    }
}

The text was updated successfully, but these errors were encountered:

aamplugin added the enhancement label Jun 3, 2020

aamplugin added this to the 6.5.3 - AAM milestone Jun 3, 2020

aamplugin self-assigned this Jun 3, 2020

aamplugin pushed a commit that referenced this issue Jun 3, 2020

Implemented #123

c4cfe22

aamplugin closed this as completed Jun 3, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Enhance "In" condition for the access policies #123

Enhance "In" condition for the access policies #123

aamplugin commented Jun 3, 2020

Enhance "In" condition for the access policies #123

Enhance "In" condition for the access policies #123

Comments

aamplugin commented Jun 3, 2020