[ann] Agrest 4.8 released - new security model
12 views
Skip to first unread message
Andrus Adamchik
Dec 27, 2021, 7:05:10 AM12/27/21
to Agrest Framework User Group
Hi folks,
Glad to announce Agrest 4.8 release. It is a pretty major release. Together with 4.7 it provides a new security model for all CRUD operations. It works per-entity, and can be applied at any level of the request tree (a notable difference from the deprecated Constraint API that requires building specific navigation paths). The API is comprised of the "filters" and "authorizers":
* PropertyFilter - to include/exclude specific *properties*, separately for read and write operations
* ReadFilters - to include/exclude specific *objects* in responses
* [Create|Update|Delete]Authorizer - to (dis)allow updating specific *objects*
All these APIs are available per-request and per-application. E.g.:
Ag.service(config)
.select(E.class)
// only include OBJECTS matching a condition
.filter(E.class, e -> e.getN() > 5)
// specify which properties are allowed
.propFilter(E4.class, r -> r.empty().id(true).property("p1", true))
.get();
The API above makes Constraints and EntityEncoderFilter obsolete, so those are now deprecated and will be removed in 5.0.
In other change, lots of things got cleaned up in the stack, and a number of bugs fixed. The underlying Cayenne dependency got upgraded to 4.2.B1 that itself has some important bug fixes. So this is an update you don't want to miss.
Andrus
------
Full release notes:
#427 AgEntityOverlay support for POST/PUT requests
#493 Replace Constraint with per-entity API based on AgEntityOverlay
#497 Agrest fails to build on Java 11
#498 Made JAX-RS dependency "provided"
#500 Child relationship of a dynamic relationship fails to resolve
#501 Replace EntityEncoderFilter with per-entity object filter
#502 Per-entity CRUD filters and authorizers for UpdateBuilder
#503 New update stage - MAP_CHANGES
#504 Update processes result twice
#505 Authorizer for DeleteBuilder
#506 DeleteBuilder stage
#507 Upgrade to Cayenne 4.2.B1
#509 Removing ExecutorService and ShutdownManager
#510 "by id" Cayenne resolver fetches entire table in the absence of pagination
#512 New select/update stage: ENCODE
Glad to announce Agrest 4.8 release. It is a pretty major release. Together with 4.7 it provides a new security model for all CRUD operations. It works per-entity, and can be applied at any level of the request tree (a notable difference from the deprecated Constraint API that requires building specific navigation paths). The API is comprised of the "filters" and "authorizers":
* PropertyFilter - to include/exclude specific *properties*, separately for read and write operations
* ReadFilters - to include/exclude specific *objects* in responses
* [Create|Update|Delete]Authorizer - to (dis)allow updating specific *objects*
All these APIs are available per-request and per-application. E.g.:
Ag.service(config)
.select(E.class)
// only include OBJECTS matching a condition
.filter(E.class, e -> e.getN() > 5)
// specify which properties are allowed
.propFilter(E4.class, r -> r.empty().id(true).property("p1", true))
.get();
The API above makes Constraints and EntityEncoderFilter obsolete, so those are now deprecated and will be removed in 5.0.
In other change, lots of things got cleaned up in the stack, and a number of bugs fixed. The underlying Cayenne dependency got upgraded to 4.2.B1 that itself has some important bug fixes. So this is an update you don't want to miss.
Andrus
------
Full release notes:
#427 AgEntityOverlay support for POST/PUT requests
#493 Replace Constraint with per-entity API based on AgEntityOverlay
#497 Agrest fails to build on Java 11
#498 Made JAX-RS dependency "provided"
#500 Child relationship of a dynamic relationship fails to resolve
#501 Replace EntityEncoderFilter with per-entity object filter
#502 Per-entity CRUD filters and authorizers for UpdateBuilder
#503 New update stage - MAP_CHANGES
#504 Update processes result twice
#505 Authorizer for DeleteBuilder
#506 DeleteBuilder stage
#507 Upgrade to Cayenne 4.2.B1
#509 Removing ExecutorService and ShutdownManager
#510 "by id" Cayenne resolver fetches entire table in the absence of pagination
#512 New select/update stage: ENCODE
Andrus Adamchik
Dec 27, 2021, 9:42:22 AM12/27/21
to Agrest Framework User Group
Ugh, the moment I posted the announcement, I found a bug :) Fixed, and released as 4.9.
Reply all
Reply to author
Forward
0 new messages