changelog.adoc 1.24 KB
Newer Older
mhellka's avatar
mhellka committed
1
2
3
4
5
6
7
8
9
10
11
12
13

== Breaking changes from CDStar v2

Access control changed significantly:
* User names now contain a domain part (separated by '@', defaults to '@local').
* Group names are now prefixed with '@' and distinguishable from user-names.
* The owner of an object is no longer allowed to change permissions or pass the object do a different owner. This requires 'change_acl' and 'change_owner' permissions which are included in the v2 'MANAGE' permission.
* Three new 'virtual users' are supported:
  * '$owner' matches the current owner of an object.
  * '$known' matches any logged-in user. 
  * '$any' matches any user, including anonymous guests.
* Reading the access control list requires 'read_acl' permissions, which is included in 'MANAGE' but not in 'READ'. The API returns an incomplete response if these permissions are missing instead of returning an error.
* Not all v3 permissions can be mapped to v2 permissions. Because of that, the `/accesscontrol/<id>` API only reports a subset of the actual permissions. Using this API to change permissions may erase permission settings not visible through this API. Modifying permissions should be avoided for this reason. The API can be disabled with the `cdstar.legacy.v2.acl` setting (`on`, `read-only` or `disabled`).