Improve Wok authentication/authorization behavior

Open Truja opened this issue 9 years ago • 0 comments

Currently, Wok provides two methods to add security to requests/API:

  • authentication
  • authorization

AUTHENTICATION: the user must be authenticated or logged in (user/password) to perform a request. This is set by passing True in the @UrlSubNode decorator, in the control Collection class.

AUTHORIZATION: once the user is authenticated, you can set whether any user or only an admin user can perform a given request, by setting "self.admin_methods" in the control class.

The problem is: once authentication is set on the collection, the resources will need authentication too. If authentication is False in the collection, resource actions will be "opened" too. There are cases where the Collection should not require authentication but the actions in resources must. For instance: listing the TASKS is OK (collection without authentication), but deleting one of the TASKS must require authentication (action in a resource).

Today, if you set the decoration only in the Resource, Wok raises an error.

This could be improved.

Truja, Jun 06 '16 19:06
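
A small Python model of the access decision this issue describes and of the split it asks for, added here as an illustration. It is not Wok code: `Node`, `User`, `resource_auth` and `check` are hypothetical names, and only `admin_methods` mirrors the attribute named in the issue.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class User:
    name: str
    is_admin: bool = False


@dataclass
class Node:
    """Hypothetical stand-in for a URL sub-node (collection plus its resources)."""
    name: str
    collection_auth: bool                  # the single flag described in the issue
    resource_auth: Optional[bool] = None   # assumed override; None = inherit the flag
    admin_methods: set = field(default_factory=set)


def check(node: Node, method: str, user: Optional[User], on_resource: bool) -> int:
    """Return an HTTP status: 200 allowed, 401 login required, 403 admin required."""
    needs_auth = node.collection_auth
    # Assumed improvement: a resource may state its own requirement.
    if on_resource and node.resource_auth is not None:
        needs_auth = node.resource_auth
    if not needs_auth:
        return 200            # open endpoint: no identity, so no admin check either
    if user is None:
        return 401
    if method in node.admin_methods and not user.is_admin:
        return 403
    return 200


# Constructed sample nodes.
# Behaviour described in the issue: an open collection leaves resource actions open.
inherited = Node("tasks", collection_auth=False, admin_methods={"DELETE"})
# Behaviour asked for: listing stays open, resource actions need a login.
split = Node("tasks", collection_auth=False, resource_auth=True,
             admin_methods={"DELETE"})

if __name__ == "__main__":
    for label, node in (("inherited", inherited), ("split", split)):
        print(label,
              "anonymous list:", check(node, "GET", None, on_resource=False),
              "anonymous delete:", check(node, "DELETE", None, on_resource=True))
```

In the `inherited` node the `admin_methods` entry has no effect on an anonymous DELETE, which is the gap the issue points at.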