#1 2014-11-20 15:51:14

jonjbar
Member
Registered: 2012-12-27
Posts: 23

Custom authorization: where to start?

I'm really confused about authorization in mORMot. I'm using a TSQLHttpServer.
I understand I should use TSQLAuthUser and TSQLAuthGroup to provide per-table restrictions.
However, how do I handle more complex scenarios, such as:

* A user who created a specific TBlogArticleRecord can have CRUD access rights for it, while other users can only have read access to that record?
* A user can only receive a list of the TBlogArticleRecord he has the rights to read when calling, for example, TBlogArticleRecord.CreateAndFillPrepare, as the server will filter out any unauthorized records?

Thanks for any help.


#2 2014-11-20 15:54:04

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,207

Re: Custom authorization: where to start?

Authorization is table-wide.
You cannot set authorization for a particular record.

If you need more finely tuned security, use an interface-based service, and disallow reading the whole table at the ORM/REST level.

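The approach described in reply #2 (an interface-based service, with the table closed at ORM/REST level), as an added example that is not part of the thread and not mORMot's own code. It assumes mORMot 1.18 with the SynCommons and mORMot units; the Owner field, IBlogService, TBlogService, SetupBlogSecurity and the GUID are hypothetical names and placeholders.

```pascal
unit BlogService; // added example; assumes mORMot 1.18 (units SynCommons, mORMot)
interface
uses SynCommons, mORMot;
type
  TBlogArticleRecord = class(TSQLRecord)
  private
    fOwner: Int64; fBody: RawUTF8;
  published
    property Owner: Int64 read fOwner write fOwner; // hypothetical: creator's TSQLAuthUser ID
    property Body: RawUTF8 read fBody write fBody;
  end;
  IBlogService = interface(IInvokable) ['{00000000-0000-0000-0000-000000000001}'] // placeholder GUID
    function UpdateArticle(ArticleID: Int64; const Body: RawUTF8): boolean;
  end;
  TBlogService = class(TInterfacedObject, IBlogService)
    function UpdateArticle(ArticleID: Int64; const Body: RawUTF8): boolean;
  end;
procedure SetupBlogSecurity(Server: TSQLRestServer);
implementation
function TBlogService.UpdateArticle(ArticleID: Int64; const Body: RawUTF8): boolean;
var ctx: TSQLRestServerURIContext; art: TBlogArticleRecord;
begin
  result := false;
  ctx := ServiceContext.Request; // nil when not invoked through the REST server
  if (ctx = nil) or (ctx.SessionUser = 0) then exit; // no authenticated session: deny
  art := TBlogArticleRecord.Create(ctx.Server, ArticleID); // ID stays 0 if not found
  try
    if (art.ID <> 0) and (art.Owner = ctx.SessionUser) then begin // creator only
      art.Body := Body;
      result := ctx.Server.Update(art); // server-side ORM call, done after the owner check
    end;
  finally
    art.Free;
  end;
end;
procedure SetupBlogSecurity(Server: TSQLRestServer);
var grp: TSQLAuthGroup; rights: TSQLAccessRights;
begin
  grp := TSQLAuthGroup.Create(Server, 'Ident=?', ['User']); // default "User" group
  try
    rights := grp.SQLAccessRights;
    rights.Edit(Server.Model, TBlogArticleRecord, false, false, false, false); // no C/R/U/D over REST
    grp.SQLAccessRights := rights;
    Server.Update(grp);
  finally
    grp.Free;
  end;
  Server.ServiceRegister(TBlogService, [TypeInfo(IBlogService)], sicShared);
end;
end.
```

Filtered listing would be a further method on the same service that selects on Owner server-side, so clients never query the table directly.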

#3 2014-11-25 11:26:19

jonjbar
Member
Registered: 2012-12-27
Posts: 23

Re: Custom authorization: where to start?

OK, thanks. Perhaps in a future update.
