Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refine AccessPolicy API #814

Open
danielballan opened this issue Nov 19, 2024 · 0 comments
Open

Refine AccessPolicy API #814

danielballan opened this issue Nov 19, 2024 · 0 comments
Assignees
@nmaytan

Comments

@danielballan
Copy link
Member

Tersely capturing a design discussion with @nmaytan (to elaborate later)...

The AccessPolicy API may be extended from

def filter(self, node, principal, scopes)
    ...

def allowed_scopes(self, node, principal):
    ...

to

async def filter(self, node, principal, scopes, segments=None)
    ...

async def allowed_scopes(self, node, principal, segments=None):
    ...

Then the enforcement code in the server will identify the first node in the tree that has a not-None access_policy, and it will pass that node into filter along with the list of segments (i.e. URL path given as list of strings). Within filter, the access policy can do any additional I/O that it wants in order to decide the access allowed on the target.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@nmaytan nmaytan

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@danielballan @nmaytan