Hello,

should perm force authentication and only the user "admin" would be authorised?

Best regards
Frank

module namespace page = 'http://basex.org/test';

declare
  %rest:path("basex-rest/test/check-rest-perm")
  %perm:allow("admin")
  %rest:GET
  %output:method("xml")
function page:test-check-rest-perm() as element(response) {
  let $response := element response { 'Response' }
  return $response
};

<response>Response</response>

Hi Frank,

The argument for %perm:allow is an arbitrary string, which needs to be interpreted in an additional function with a %perm:check annotation [1]. If you use sessions to remember the permission of your current user, such a function could look as follows:

declare
  %perm:check('/', '{$perm}')
function local:check($perm) {
  if ($perm?allow = Session:get('permission')) then () else web:error(401, 'Not authorized')
};

How do you handle users in your web app?

Best,
Christian

[1] https://docs.basex.org/wiki/Permissions#Checking_Permissions

On Sat, Jun 12, 2021 at 6:48 PM SW-Service <sw-service@gmx.de> wrote:
> Hello,
>
> should perm force authentication and only the user "admin" would be authorised?
>
> Best regards
> Frank
>
> module namespace page = 'http://basex.org/test';
>
> declare
>   %rest:path("basex-rest/test/check-rest-perm")
>   %perm:allow("admin")
>   %rest:GET
>   %output:method("xml")
> function page:test-check-rest-perm() as element(response) {
>   let $response := element response { 'Response' }
>   return $response
> };
>
> <response>Response</response>
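
The pieces discussed in this thread, put together as an added example that is not code from either poster or from the BaseX project: a %perm:check function that denies by default, a login endpoint that stores the BaseX user's permission in the session, and the protected endpoint from the question. Assumptions: BaseX 9.3 or later, database users as the account store, and the hypothetical names page:check, page:login, the login path, the 'public' marker and the session key 'permission'.

```xquery
module namespace page = 'http://basex.org/test';

(: Explicit binding of the built-in Session Module prefix (assumption: BaseX 9+). :)
declare namespace session = 'http://basex.org/modules/session';

(: Evaluated before every RESTXQ function below /basex-rest/test.
   $perm?allow holds the strings passed to %perm:allow of the target function.
   Deny by default: a function without %perm:allow is rejected as well. :)
declare
  %perm:check('/basex-rest/test', '{$perm}')
function page:check($perm as map(*)) {
  let $required := $perm?allow
  let $granted  := session:get('permission')
  return if ($required = 'public') then ()
  else if (exists($required) and $required = $granted) then ()
  else web:error(401, 'Not authorized')
};

(: Hypothetical login endpoint. It must be reachable without a session,
   so it is marked 'public'; otherwise the check above would block it too. :)
declare
  %rest:POST
  %rest:path('basex-rest/test/login')
  %rest:form-param('name', '{$name}')
  %rest:form-param('pass', '{$pass}')
  %perm:allow('public')
function page:login($name as xs:string, $pass as xs:string) as element(response) {
  try {
    user:check($name, $pass),
    (: Remember the BaseX permission level of this user, e.g. "admin". :)
    session:set('permission', string(user:list-details($name)/@permission)),
    <response>Logged in</response>
  } catch user:* {
    web:error(401, 'Not authorized')
  }
};

(: The endpoint from the question: only sessions holding 'admin' pass the check. :)
declare
  %rest:GET
  %rest:path('basex-rest/test/check-rest-perm')
  %perm:allow('admin')
  %output:method('xml')
function page:test-check-rest-perm() as element(response) {
  element response { 'Response' }
};
```

Without a function like page:check, %perm:allow("admin") has no effect on its own, which is why the request in the question returned the response without any authentication.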

participants (2): Christian Grün, SW-Service