Skip to content

[Account] Add wildcard security key to authorize all possible values#159

Open
skerdudou wants to merge 3 commits intodevelopfrom
secu-key-all
Open

[Account] Add wildcard security key to authorize all possible values#159
skerdudou wants to merge 3 commits intodevelopfrom
secu-key-all

Conversation

@skerdudou
Copy link
Copy Markdown
Contributor

@skerdudou skerdudou commented Nov 3, 2025

You should use constant UserAuthorizations.SECURITY_KEY_ALL_VALUES for this usage.

@skerdudou skerdudou requested a review from Copilot November 3, 2025 17:09
Copilot AI reviewed Nov 3, 2025
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR introduces support for a special security key value (SECURITY_KEY_ALL_VALUES = "*") that represents "all values" in authorization rules, enabling rules that are always true or always false regardless of field values. This is useful for granting or denying universal access in security contexts.

Key changes:

  • Added SECURITY_KEY_ALL_VALUES constant to UserAuthorizations class
  • Updated SQL, Search, and Criteria translators to handle the special "*" value by generating always-true (1=1 or *:*) or always-false (0=1 or -*:*) expressions
  • Added test coverage for the new functionality with three test cases validating different scenarios

Reviewed Changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
UserAuthorizations.java Introduced SECURITY_KEY_ALL_VALUES constant and improved JavaDoc formatting
SqlSecurityRuleTranslator.java Added logic to translate "*" value to SQL 1=1/0=1 expressions and fixed field name positioning
SearchSecurityRuleTranslator.java Added logic to translate "*" value to search query *:* expressions
CriteriaSecurityRuleTranslator.java Added logic to translate "*" value to alwaysTrue()/alwaysFalse() criteria
DslSecurityRulesBuilderTest.java Added test cases for the new "*" value functionality and minor code formatting cleanup

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread ...ain/java/io/vertigo/account/impl/authorization/dsl/translator/SqlSecurityRuleTranslator.java
Comment thread .../java/io/vertigo/account/impl/authorization/dsl/translator/SearchSecurityRuleTranslator.java
Comment thread vertigo-account/src/main/java/io/vertigo/account/authorization/UserAuthorizations.java
* @author pchretien, npiedeloup
*/
public final class UserAuthorizations implements Serializable {

Copy link

Copilot AI Nov 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The constant SECURITY_KEY_ALL_VALUES lacks documentation explaining its purpose and usage. Consider adding a JavaDoc comment to clarify that this special value represents "all values" in security rules and is used to create always-true or always-false authorization conditions.

Suggested change
/**
* Special value representing "all values" in security rules.
* This constant can be used to create always-true or always-false authorization conditions,
* by matching all possible security keys.
*/

Copilot uses AI. Check for mistakes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@skerdudou