Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Media Endpoint Role Based Access Control #1408

Closed
masrayie opened this issue Aug 27, 2020 · 1 comment
Closed

Media Endpoint Role Based Access Control #1408

masrayie opened this issue Aug 27, 2020 · 1 comment
Labels
stale

Comments

@masrayie
Copy link

masrayie commented Aug 27, 2020
edited
Loading

Hello, I'm using Role Based Access Control

But how I can use this function to media endpoint.
Because it only works when I set the role in ALLOWED_READ_ROLES, it doesn't work if only set on ALLOWED_ITEM_READ_ROLES, which is security risk.

I'm trying to modify the auth.py file and I add some logic for media endpoint like this below in requires_auth function:
elif endpoint_class == "media":
resource_name = resource = None
public = app.config["PUBLIC_METHODS"] + ["OPTIONS"]
roles = list(app.config["ALLOWED_ROLES"])
if request.method in ["GET", "OPTIONS"]:
roles += app.config["ALLOWED_READ_ROLES_MEDIA"]
auth = app.auth
And it works well, is it okay ?

Thank you.
@stale
Copy link

stale bot commented Jun 11, 2021

Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward?

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

@stale stale bot added the stale label Jun 11, 2021
@stale stale bot closed this as completed Apr 16, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
stale
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@masrayie