How can we check user permissions ?
I'm trying to understand how REST API's permissions work with Bonita 7.4, if someone can provide any info it would be nice :)
So here's what I understood :
- The security-config.properties file allows to activate or deactivate the permissions checks on the REST API
- The compound-permissions-mapping.properties file lists the default permissions used for each pages
- The resources-permissions-mapping.properties file defines which permissions are needed to access resources using the REST API
- The custom-permissions-mapping.properties file allows an administrator to grant additional rights for a User, a Group or a Profile
But how can I check or change the LoggedUserPermissions for a user ? I can't find any IdentityAPI which allows me to check or update permissions.
[Edit : Added the custom-permissions-mapping.properties file infos ]
In your list, you are missing the custom-permissions-mapping.properties. In this file, you can assign a profile, a user or a group a specific permission. By example, out of the box, the Studio comes with an example of REST Api extension that is accessible at "extension/demo/getExample", the permission "demoPermission" is needed to access it. To grant access to this REST Api to the Profile User, you can add this line to the file custom-permissions-mapping.properties: profile|User=[demoPermission]
That is one way to add new permissions. The other way is through compound-permissions-mapping.properties file. As you said, it list the permissions used for each pages. Actually, all the pages are linked to Profile in Bonita. You have the default pages listed here that are used by the Portal. When you develop a new custom page, you have to list in the properties, the list of permission required by this page. When you deploy this page, the Portal will automatically update the compound-permissions-mapping.properties file.
Please keep in mind that each time you modify a property file, you have to pull the configuration files from the Engine using the setup.bat/sh tool. Then push your modification back and reboot the server.