-
Type:
User story
-
Status: Resolved
-
Priority:
Minor
-
Resolution: Fixed
-
Affects Version/s: None
-
Fix Version/s: 8.1
-
Component/s: JSF/Polymer Integration, Security / Rights
-
Epic Link:
-
Sprint:TGV 11
-
Story Points:20
Leverage nuxeo-platform-login-token to handle authentication.
Add a notion of "virtual" principal:
- virtual if the username starts with virtualuser:.
- add NuxeoPrincipal#isVirtual()
- Make the UserManager creates a transient principal when retrieving a Principal based on a virtual username
When a temporary ACE is created:
- compute a virtual username based on the given username + doc id + reponame (virtualuser:troger@nuxeo.com_docid_reponame)
- find a separator token that can't be used in a default username (so that we can split on it to retrieve the document / email)
- register a new token on nuxeo-platform-login-token for that username
When notifying a virtual user for a given rights, add the token in the URL so that the user can be logged in.
- is required by
-
NXP-25828 Improve external permissions experience dealing with multiple items
-
- Resolved
-
1.
|
Add temporary access form |
|
Resolved | Unassigned |
2.
|
Add temporary access listing |
|
Resolved | Unassigned |
3.
|
Add token handler (chain authentication) |
|
Resolved | Unassigned |
4.
|
Add remove temporary access button |
|
Resolved | Unassigned |
5.
|
Add update form |
|
Resolved | Unassigned |
6.
|
Add email template for temporary access |
|
Resolved | Unassigned |
