New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Authentication / Access Permissions / Application Level Authentication #1

Closed
cfoster opened this Issue Dec 10, 2018 · 2 comments

Comments

Projects
None yet
1 participant
@cfoster
Copy link
Owner

cfoster commented Dec 10, 2018

This ticket is a place to discuss ideas around adding support for Application Level Authentication to XQRS.

Some ideas are as follows

declare
  %rest:path("/my/path")
  %rest:GET
  %xdmp:privilege("http://marklogic.com/xdmp/privileges/infostudio", "execute")
function exec() {
  (: function will only invoke if the logged in user has the above privilege :)
};
declare
  %rest:path("/my-basket")
  %rest:GET
  %xdmp:user("john.smith")
function exec() {
  (: function will only invoke if the logged in user is john.smith :)
};
declare
  %rest:path("/group-basket")
  %rest:GET
  %xdmp:role("tde-admin")
function exec() {
  (: function will only invoke if the logged in user has the role tde-admin :)
};

@cfoster cfoster added the enhancement label Dec 10, 2018

@cfoster

This comment has been minimized.

Copy link
Owner

cfoster commented Dec 10, 2018

Another potential idea is allowing details to be passed through function parameters

declare
  %rest:path("/user")
  %rest:GET
  %xdmp:user('{$user}')
function exec($user as xs:string?) {
  if($user = 'john.smith') then (
    'Hello John'
  ) else (
    'Unknown'
  )
};
@cfoster

This comment has been minimized.

Copy link
Owner

cfoster commented Dec 10, 2018

An Optional XQuery Library could be added to live along side Multi Statement Transactions for performing logging in.

Which would provide useful services

The services

  • /login making use of xdmp:login
  • /logout making use of xdmp:logout
  • /status detailing information about the logged in user, including role information.

cfoster added a commit that referenced this issue Dec 11, 2018

@cfoster cfoster closed this Dec 11, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment