New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How to allow anonymous access to some resources #3
Comments
Further to this, I have made some modest progress on my own here: The approach is to use the
An example of default permissions is shown below:
This approach seems to be working for me so far and allows for a default set of permissions for each resource that determines what anonymous users can do, but can be superseded by permissions supplied by authenticated user credentials. I'm keen for any comments on the suitability of this approach, and appreciate it may be outside of where you want to position cores-hapi. My next task is to look into additional actions for users that permit them to only access/modify their own resources, e.g. something like...
But this doesn't seem right as these additional actions are not mutually exclusive, i.e. |
It would be nice to have finer grained control. We could make the permission check function customizable, so anyone could define their own methods. |
OK, I hope this is my last question about authorisation :)
How would I go about providing anonymous to some resources, while securing others. Or indeed, only protecting some actions, e.g. create, update and destroy whilst allowing anonymous access to load and views.
As your library takes care of the route configuration, I'm not sure how to handle these exceptions. An thoughts or ideas much appreciated.
Cheers, Rob
The text was updated successfully, but these errors were encountered: