Details
- New Feature
- Resolution: Fixed
- Major
- 1.0
- None
- Unknown
Description
Since the ReadableSecurityRule API is rather flexible and allows numerous variations (single subject or multiple subjects, single right or multiple rights, etc.), a particular access rights situation can be expressed in numerous ways using Rules and collections of Rules.
For some operations on rules collections, a "canonical form" of a collection of rules becomes a useful tool.
This task is about:
- adding the API for the normalization functions and other operations, but without implementing all possible operations
- adding a function in this API that returns the subjects-normalized form of a collection of rules.
The "subjects" are the groups and users of a rule. We consider a collection of rules to be normalized with respect to subjects if and only if:
- for each pair of subject and rule state (allow or deny), there is at most one rule in the collection
- each rule in the collection concerns a single subject, namely:
  - one of getUsers() or getGroups() returns an empty list
  - the non-empty list returned by getUsers() or getGroups() has only one element, non-null
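A sketch of the subject normalization defined above, added here as an illustration and not the project's own code. The `Rule`, `Key` and `State` types, the string-valued subjects and rights, and merging by union of rights are all assumptions; only `getUsers()` and `getGroups()` come from the description. Allow and deny rules stay separate, so normalization makes no decision about precedence between them.

```java
import java.util.*;
public class SubjectNormalization {
    enum State { ALLOW, DENY }
    // Hypothetical stand-in rule type; only getUsers()/getGroups() are named on the page.
    record Rule(List<String> users, List<String> groups, Set<String> rights, State state) {
        List<String> getUsers() { return users; }
        List<String> getGroups() { return groups; }
    }
    // One subject (a user or a group) paired with one rule state.
    record Key(boolean isUser, String subject, State state) {}
    // Split every rule per subject, then merge rights per (subject, state) pair.
    // Assumption: merging means taking the union of the rights.
    static List<Rule> normalizeSubjects(Collection<Rule> rules) {
        Map<Key, Set<String>> merged = new LinkedHashMap<>();
        for (Rule r : rules) {
            for (String u : r.getUsers())
                if (u != null) merged.computeIfAbsent(new Key(true, u, r.state()), k -> new TreeSet<>()).addAll(r.rights());
            for (String g : r.getGroups())
                if (g != null) merged.computeIfAbsent(new Key(false, g, r.state()), k -> new TreeSet<>()).addAll(r.rights());
        }
        List<Rule> out = new ArrayList<>();
        merged.forEach((k, rights) -> out.add(k.isUser()
            ? new Rule(List.of(k.subject()), List.of(), rights, k.state())
            : new Rule(List.of(), List.of(k.subject()), rights, k.state())));
        return out;
    }
    // Checks the two conditions listed in the description.
    static boolean isNormalized(Collection<Rule> rules) {
        Set<Key> seen = new HashSet<>();
        for (Rule r : rules) {
            boolean oneUser = r.getUsers().size() == 1 && r.getGroups().isEmpty();
            boolean oneGroup = r.getGroups().size() == 1 && r.getUsers().isEmpty();
            if (!oneUser && !oneGroup) return false;   // zero or several subjects
            String s = oneUser ? r.getUsers().get(0) : r.getGroups().get(0);
            if (s == null || !seen.add(new Key(oneUser, s, r.state()))) return false;
        }
        return true;
    }
    public static void main(String[] args) {
        List<Rule> rules = List.of(   // constructed sample rules
            new Rule(List.of("alice", "bob"), List.of("admins"), Set.of("view"), State.ALLOW),
            new Rule(List.of("alice"), List.of(), Set.of("edit"), State.ALLOW),
            new Rule(List.of("bob"), List.of(), Set.of("edit"), State.DENY));
        List<Rule> normalized = normalizeSubjects(rules);
        normalized.forEach(System.out::println);
        System.out.println(isNormalized(rules) + " -> " + isNormalized(normalized));
    }
}
```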