Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improving access policy handling #96

Closed
Tectu opened this issue Dec 28, 2021 · 1 comment
Closed

Improving access policy handling #96

Tectu opened this issue Dec 28, 2021 · 1 comment
Labels
enhancement New feature or request

Comments

@Tectu
Copy link
Owner

Tectu commented Dec 28, 2021
edited
Loading

Currently, an access policy can be added to a specific resources using router::add_policy(). However, I think that this approach is somewhat limiting.

Instead, I would recommend using an approach similar to the request filters: an optional argument to the various router:add*() functions which accepts a policy.

This would also remove the need for the newly introduced and very fuckly router::set_policy().
@Tectu Tectu added the enhancement New feature or request label Dec 28, 2021
Tectu added a commit that referenced this issue Dec 29, 2021
@Tectu
server/router: improve the way policies are handled
074ad68 
This changes the way that policies are handled. Basically we're performing the policy check as the very first thing inside router::handle_request(). This ensures that we can also apply policies to entire sub-routers. Prior to this change, policies were only checked/handled within router::handle_http_request() which meant that sub-routers could not be policy protected. As a workaround, router::set_policy() was introduced to provide a router-wide policy.
This change fixes all of those problems. One can now simply use router::add_policy() and it will work for sub-router protection as well.

Ref #96
@Tectu
Copy link
Owner Author

Tectu commented Dec 29, 2021

After taking some time to think about this properly, I think the router::add_policy() mechanism is sufficient for now.
The only change necessary to make this work well for sub-router protection is to perform the policy check as early as possible (i.e. within router::handle_request() rather than router::handle_http_request() to ensure that policy checks happen before sub-router resource matching.

Commit 074ad68 introduced this change.

@Tectu Tectu closed this as completed Dec 29, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Tectu