Defines access permissions to activities, files, and published resources provided by the plugin.

<permissions>

Describes permission settings for the Vaandroid plugin.

  • Can contain elements

@Version

The version of the permissions file. Default: 1

<permission>

A set of user, group, allow, and allow-file elements defining ''who'' has access to ''what''.  This includes access to activities and file resources.

Can contain , , and elements Can contain and elements

or

'users' or 'groups' are who we are defining permissions for Denotes a set of either users or groups with a given scope

@scope

  • In the users element, define the scope
  • The scope of the user permissions defined here is in vaandroid
  • Each object someone defines a permission for has a unique id that is determined by both the name of the user (in this case), and the scope ** For example, user 'noah' in scope 'students' is different from user 'noah' in scope teachers
  • All users inside this element are in the defined scope

<id>

  • Content is an id that fall under the user scope or group scope it is contained in.
  • Add one id element for a single user, or multiple id elements for multiple users.

  • cannot start with an _ or an *
  • cannot contain spaces

    <everyone />

    If defined in the element, all users in all scopes.
    If in a element, all users in the specified scope. If in a element, all group members in the specified scope.

<permissions>
  <everyone />
</permissions>

<permissions>
  <users scope='teachers'>
    <everyone />
  </users>

<permissions>
  <groups scope='teachers'>
    <everyone />
  </users>

</permissions>

*Contains no elements

<everything />

All activities, services, and files.

Can also be inside an or element to restrict allowed items either activities or files.

Contains no elements.

<permissions>
  <everyone />
  <allow><everything /></allow>
  <allow-file><everything /></allow-file>
</permissions>

<permissions>
  <everyone />
  <everything />
</permissions>

<allow>

  • Place the activities that are granted to the user and/or group
  • Can be placed inside different elements If placed inside the permissions element, it applies to all permissions. If placed inside the permission element, but outside all others, all users and groups defined in elements will be allowed this activity. ** If placed inside an individual users or groups element, all users/groups inside that element will be allowed the activity, but not any users/groups defined in other elements.

<allow-file>

Defines a pattern, using the Java [https://docs.oracle.com/javase/tutorial/essential/io/fileOps.html#glob|glob] format, for matching what files are allowed access to the specified users and groups.

Plugins can expose resources through the ''/ext/bundle'' endopoint.

<allow-file>**.txt</allow-file>
<allow-file>images/**</allow-file>
<allow-file>**.{png,js,css,htm,html}</allow-file>

///// {FANCYTABLE(head="Feature | Progress | Priority | Release | Assigned to" sortable="type:reset" tsortcolumns="type:text;group:letter|type:digit;group:number|type:word;group:word|type:shortDate;group:date-year|type:digit;group:number-10" tsfilteroptions="type:reset" db_name="features" db_category="Vaandroid:Permissions")} java annotations for permissions (activities and menu items) | | | 6 | {FANCYTABLE}

Wishlist

  • Deny element
  • Grant permissions for actions in the activity

Examples

<vaandroid>
    <permissions>

        <!--All users within the scope of vaandroid are given all activity permissions.-->
        <permission>
            <users scope='vaandroid'>
                <everyone/>
            </users>
            <allow>
                <everything/>
            </allow>
        </permission>

        <!--In the block below, all users within the scope of vaandroid are given all permissions, but all users within the scope of 'medusa' are given no permissions.-->
        <permission>
            <users scope='vaandroid'>
                <everyone/>
            </users>
            <allow>
                <everything/>
            </allow>
        </permission>
        <permission>
            <users scope='medusa'>
                <everyone/>
            </users>
        </permission>

        <!--In the block below, all users within the scope of vaandroid and medusa are given all permissions. -->
        <permission>
            <users scope='vaandroid'>
                <everyone/>
            </users>
            <users scope='medusa'>
                <everyone/>
            </users>
            <allow>
                <everything/>
            </allow>
        </permission>

        <!--In the block below, users noah and steven within the scope vaandroid are given all permissions.-->
        <permission>
            <users scope='vaandroid'>
                <id>steven</id>
                <id>noah</id>
            </users>
            <allow>
                <everything/>
            </allow>
        </permission>

        <!--In the block below, users noah and steven within the scope vaandroid are given all permissions, but user noah in scope-->
        <!--medusa is given no permissions.-->
        <permission>
            <users scope='vaandroid'>
                <id>steven</id>
                <id>noah</id>
            </users>
            <allow>
                <everything/>
            </allow>
        </permission>
        <permission>
            <users scope='medusa'>
                <id>noah</id>
            </users>
        </permission>
    </permissions>

</vaandroid>