Azure DevOps Custom Extensions - Work Item Form Extension - Add Security
Question {#heading}
I'm extending the Work Item form to include a new Page for some custom actions like this:
https://learn.microsoft.com/en-us/azure/devops/extend/develop/add-workitem-extension?view=azure-devops
I'd like to only allow certain users to interact with the new Tab and load it. What's the best way to add security at the user level? I could do some "hack" to only allow the data to load if the user exists in an array of allowed users published with the Extension, but I was hoping to have something more clean/configurable than that.
Answer 1 {#1}
Score: 1
I can't give you a definite answer, but I have a few hunches of what's possible:
- The permissions API - permissions in Azure DevOps use a scope and a token, I think technically you can create an ACL with a customized token to store your permissions. Your extension should then query that specific access control list to decide whether to render or not. This has the advantage that inheritance, group membership etc. would work as well.
- The extension storage API - extensions can store arbitrary data using the extension storage API. You could store your 'ACL' there.
You can register a custom section in the project or organisation where you can render a UI to manage these permissions. I suspect you might be able to use a built-in permissions control, but again, speculating.
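A sketch of the extension-storage idea from the answer above, as an added example that is not part of the original post or of any Microsoft sample: the page renders only when a stored allow-list names the current user, and every failure path denies. The key name `custom-page-acl`, the document shape `{ allowedUserIds: [...] }` and the sample identities are assumptions; a check like this only decides what the browser renders, so any service the page calls has to make the same decision itself.

```javascript
// Added example. ACL_KEY and the document shape are assumptions, not a product format.
const ACL_KEY = "custom-page-acl"; // hypothetical key in extension data storage

// Pure decision: true only for a well-formed document that lists the user's id.
function isUserAllowed(aclDoc, user) {
  // Missing or malformed document => deny (fail closed).
  if (!aclDoc || !Array.isArray(aclDoc.allowedUserIds)) return false;
  if (!user || typeof user.id !== "string" || user.id === "") return false;
  // Match on the user id, never on displayName, which is not unique.
  const wanted = user.id.toLowerCase();
  return aclDoc.allowedUserIds.some(
    (id) => typeof id === "string" && id.toLowerCase() === wanted
  );
}

// dataManager is any object with getValue(key) -> Promise. In a real extension it
// would come from azure-devops-extension-sdk (not imported here so this runs offline):
//   await SDK.init();
//   const svc = await SDK.getService(CommonServiceIds.ExtensionDataService);
//   const dataManager = await svc.getExtensionDataManager(
//     SDK.getExtensionContext().id, await SDK.getAccessToken());
//   const user = SDK.getUser();
async function canRenderPage(dataManager, user) {
  try {
    const aclDoc = await dataManager.getValue(ACL_KEY);
    return isUserAllowed(aclDoc, user);
  } catch (err) {
    return false; // storage unreachable or key unreadable => do not render
  }
}

// Constructed sample data (not real identities).
const sampleAcl = { allowedUserIds: ["6F1A2B3C-0000-4000-8000-000000000001"] };
const alice = { id: "6f1a2b3c-0000-4000-8000-000000000001", displayName: "Alice" };
// Same display name, different id: must be denied.
const lookalike = { id: "6f1a2b3c-0000-4000-8000-000000000002", displayName: "Alice" };
```
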