One challenge we have is restricting user access to the metadata...
I'm toying with the idea of adding an entry to each metadata defn containing a set of required capabilities (maybe an entry for read, entry for write), and a check with 'current_user_can' against these for data read and data write.
Any thoughts/plans on this?
If authentication is in place, then we are already authenticated here, and current user is set. (I've used both OAuth1 and a home-brew JWT in this project).
If current user is unset, then the current user is zero; for people who do not allow un-authenticated access to REST, it would not get to these functions unless the user is valid.
What I'm unsure of is what current_user_can([]) would return if there is no current user, and also what it will DO - I think it may try to check authorisation every time; not very efficient.
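
Added example, not part of the original thread or the project's code: one way to express the per-field read/write capability idea discussed above. The `read_cap`/`write_cap` keys, the field names and the `allowed_meta_fields` helper are hypothetical; the capability check is injected so the script runs outside WordPress, where the string `'current_user_can'` would be passed instead, and the anonymous user is modelled as holding no capabilities.

```php
<?php
// Constructed definitions: the field names and the 'read_cap'/'write_cap'
// keys are hypothetical, not taken from the project.
$meta_defs = [
    'subtitle'      => ['read_cap' => [],                 'write_cap' => ['edit_posts']],
    'internal_note' => ['read_cap' => ['edit_posts'],     'write_cap' => ['edit_others_posts']],
    'billing_ref'   => ['read_cap' => ['manage_options']], // no write_cap: never writable
];

/**
 * Return the field names the caller may access in $mode ('read' or 'write').
 * $can is the capability check; inside WordPress pass 'current_user_can'.
 * An empty capability list makes the field public for that mode; a missing
 * key denies access, so a forgotten entry fails closed.
 */
function allowed_meta_fields(array $defs, string $mode, callable $can): array
{
    $key     = $mode . '_cap';
    $allowed = [];
    $cache   = []; // each distinct capability is evaluated once per call

    foreach ($defs as $field => $def) {
        if (!isset($def[$key]) || !is_array($def[$key])) {
            continue; // fail closed on a missing or malformed entry
        }
        $ok = true;
        foreach ($def[$key] as $cap) {
            // Capabilities are checked one string at a time.
            if (!array_key_exists($cap, $cache)) {
                $cache[$cap] = (bool) $can($cap);
            }
            if (!$cache[$cap]) {
                $ok = false;
                break;
            }
        }
        if ($ok) {
            $allowed[] = $field;
        }
    }
    return $allowed;
}

// Stand-in for current_user_can() so the example runs without WordPress.
$make_user = fn(array $caps) => fn(string $cap) => in_array($cap, $caps, true);
$anonymous = $make_user([]);             // assumption: unauthenticated, no capabilities
$author    = $make_user(['edit_posts']); // constructed test user

print_r(allowed_meta_fields($meta_defs, 'read', $anonymous));
print_r(allowed_meta_fields($meta_defs, 'write', $anonymous));
print_r(allowed_meta_fields($meta_defs, 'read', $author));
```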