Comments (3)
Stephen has done some work on this and got it doing what we think it needs to do. PR is in the works once he's tidied it up.
from umbraco-graphql.
I can't figure out what your plans for security are by reading your issues, so I'll come with a proposal for discussion here, and please forgive me if it's what you already had in mind.
I'd like to manage security via users and roles in Umbraco, where access is disallowed by default.
One creates a group, let's call it PublicAPI. Then a user named Website, assigned to that group. This user can authenticate with the API, but won't have access to anything, because no access has been given (Umbraco also seems to default to no access for everything when creating users and groups).
Umbraco doesn't support field level access, which is a shame. So I'll be focusing on nodes only.
You can assign default permissions for a group, but it's not desirable since it'll turn things around from a no access by default to access by default. This can quickly get messy.
So we're left with granular access. But you can only set permissions for single nodes, and not tell Umbraco to inherit them for the children or descendants. Let's say someone implemented this, and now you'd want to prevent access to one of the children; you can't do that, because Umbraco removes all granular access entries that don't check at least one of the boxes in the list of permissions.
Does anyone know what can be done about this?
Edit: Let me know if I should create a new issue instead. There are just so many on security already that I wouldn't start another thread.
from umbraco-graphql.
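An added sketch, not part of the thread and not Umbraco or umbraco-graphql code, modelling the problem raised in the comment above: with deny-by-default and inherited granular entries, a store that drops entries with no permission ticked cannot carve a child back out of an allowed subtree. The node ids, the `GranularStore` class and the `"F"` permission letter are assumptions made up for illustration.

```python
# Constructed model: tree, names and the "F" permission letter are assumptions.
PARENT = {"home": None, "products": "home", "internal": "products", "about": "home"}


class GranularStore:
    """Per-node permission entries for one user group (hypothetical)."""

    def __init__(self, keep_empty_entries):
        self.keep_empty_entries = keep_empty_entries
        self.entries = {}  # node id -> set of permission letters

    def save(self, node, permissions):
        perms = set(permissions)
        if not perms and not self.keep_empty_entries:
            # Behaviour described in the comment: an entry with no box
            # ticked is removed instead of being stored.
            self.entries.pop(node, None)
        else:
            self.entries[node] = perms


def can_access(store, node, permission, inherit):
    """Deny by default; optionally fall back to the nearest ancestor's entry."""
    current = node
    while current is not None:
        if current in store.entries:
            # The nearest entry wins, so an empty entry acts as an explicit deny.
            return permission in store.entries[current]
        if not inherit:
            return False
        current = PARENT[current]
    return False  # no entry anywhere on the path: no access


def scenario(keep_empty_entries):
    """Allow a subtree, then try to exclude one child of it."""
    store = GranularStore(keep_empty_entries)
    store.save("products", {"F"})  # allow the subtree root
    store.save("internal", set())  # attempt to deny a single child
    return {n: can_access(store, n, "F", inherit=True) for n in PARENT}


if __name__ == "__main__":
    print("empty entries dropped:", scenario(keep_empty_entries=False))
    print("empty entries kept:   ", scenario(keep_empty_entries=True))
```

When empty entries are dropped, `internal` stays readable through its parent's entry; when they are kept, the empty entry stops the walk and the child is denied, while nodes outside the subtree remain denied in both cases.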
Hi
Just wanted to let you know that the project is moving to the Umbraco Community GitHub organisation, so we are closing all existing issues.
If you think your issue is still relevant, please feel free to reopen it.
/Rasmus
from umbraco-graphql.