Path
The path condition allows you to constrain a policy statement so that it applies to content nodes that exist at a matching path. This condition supports regular expressions, allowing you to focus in on a single path, sub paths or arbitrary matching path structures.
Configuration
{
"type": "path",
"config": {
"path": "{value regex}"
}
}
Samples
This policy document grants the Consumer role to all content in the path /images/*.
{
"title": "My Sample Policy",
"statements": [{
"action": "grant",
"roles": ["consumer"],
"conditions": [{
"type": "path",
"config": {
"path": "^/images/.*"
}
}]
}]
}
This policy document grants the Consumer to all content under /products except for those under the /products/sony folder.
{
"title": "My Sample Policy",
"statements": [{
"action": "grant",
"roles": ["consumer"],
"conditions": [{
"type": "path",
"config": {
"path": "^/products/.*"
}
}]
}, {
"action": "revoke",
"roles": ["consumer"],
"conditions": [{
"type": "path",
"config": {
"path": "^/products/sony.*"
}
}]
}]
}
And here is an example where we grant editor rights to /Services folder and all of its children.
This uses an or condition to wrap two conditions (one that matches the /Services folder and the other that matches the children using a wildcard).
{
"title": "Editor of /Services and all children",
"statements": [
{
"action": "grant",
"roles": [
"editor"
],
"conditions": [
{
"type": "or",
"config": {
"conditions": [
{
"type": "path",
"config": {
"path": "^/Services"
}
},
{
"type": "path",
"config": {
"path": "^/Services/.*"
}
}
]
}
}
]
}
]
}
The same thing can be accomplished using a single regex, like this:
{
"title": "Editor of /Services and all children",
"statements": [
{
"action": "grant",
"roles": [
"editor"
],
"conditions": [
{
"type": "path",
"config": {
"path": "^/Services(?:/.*|)"
}
}
]
}
]
}