New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add REST API authentication and permissions #15

Merged
merged 2 commits into from Apr 21, 2016

Conversation

Projects
None yet
2 participants
@kroepke
Member

kroepke commented Apr 20, 2016

We currently do not have roles that makes use of the permission restrictions, but they are addressable nonetheless.

@kroepke kroepke added this to the 1.0.0 milestone Apr 20, 2016

@joschi joschi self-assigned this Apr 20, 2016

@@ -117,6 +121,7 @@ public RuleSource parse(@ApiParam(name = "rule", required = true) @NotNull RuleS
@ApiOperation(value = "Get all processing rules")
@GET
@RequiresPermissions(PipelineRestPermissions.PIPELINE_RULE_READ)

This comment has been minimized.

@joschi

joschi Apr 21, 2016

Contributor

I know that we're doing this with other resources as well, but this would allow users to read rules they're not allowed to read in #get(String) via the #getAll() method.

Should we filter out rules that the user isn't allowed to read? (I doubt that this will ever happen, but at least it should work…)

final PipelineConnections connections = connectionsService.load(streamId);
// filter out all pipelines the user does not have enough permissions to see
return PipelineConnections.create(

This comment has been minimized.

@joschi

joschi Apr 21, 2016

Contributor

This is one of the rare cases where an AutoValue builder could actually be useful. 😉

But nothing to change for this PR.

@joschi

This comment has been minimized.

Contributor

joschi commented Apr 21, 2016

LGTM. 👍

@joschi joschi merged commit ac73447 into master Apr 21, 2016

@joschi joschi deleted the issue-14 branch Apr 21, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment