For commands
I can add user permissions like this:
'Add item': command
can-execute: user .'Known user'?'Yes'.'Is administrator'?'Yes'
{ ... } => ...
But with actions
this is not allowed by the compiler. Does this mean actions
are always executable for all users?
An action
is an operation – or chain of operations – that a webclient
executes. If the action
implementation specifies operations for which a webclient
user does not have required permissions, the user cannot execute that corresponding part of the action
and the action
execution fails.
A command
is executed by the datastore/application engine, which is the backend. The datastore engine checks if a user has all required permissions for executing a command
. For that, the user needs read permission for the node on which the command is called, as well as the required permissions specified by can-execute: ...
for the command
.