Closed christophe-lejeune closed 8 years ago
Mixing black lists and white lists can be quite hard for programs (and humans too) to interpret. However, you can already set a sandbox with a rule like this:
```
"rules": [{
  "control": "!/sandbox/.test(path)",
  "action": "authenticate(context,function(){authorize(context,function(){proxyWork(context)})})"
}]
```
Then, every URI containing "sandbox" will be ruled by the default (anarchic) rule.
As in the future "rules language", a sandbox would be set with a passive scheme verb:"*", subject:null on a given object:"{uri}".
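An added example (not part of the original thread or the AAAforREST code base) that audits which paths the `control` expression above exempts from authentication. It assumes `control` is evaluated as a JavaScript expression with `path` in scope; the anchored variant, helper names and sample paths are constructed for illustration.

```javascript
// Assumption: a rule's "control" string is a JavaScript expression evaluated
// with `path` in scope. The real AAAforREST evaluator may differ.
function compileControl(control) {
  return new Function('path', `return Boolean(${control});`);
}

// Control from the comment above: true means authenticate/authorize applies.
const UNANCHORED = '!/sandbox/.test(path)';
// Hypothetical stricter variant: only the top-level /sandbox tree is exempt.
const ANCHORED = '!/^\\/sandbox(\\/|$)/.test(path)';

// Constructed sample paths (not taken from any real deployment).
const SAMPLE_PATHS = [
  '/sandbox',
  '/sandbox/demo',
  '/sandboxes-internal',
  '/private/sandbox-notes',
  '/users/sandbox_admin',
  '/private/report',
];

// Split paths into those the rule protects and those it leaves open.
function classify(control, paths) {
  const requiresAuth = compileControl(control);
  const result = { protected: [], open: [] };
  for (const p of paths) {
    (requiresAuth(p) ? result.protected : result.open).push(p);
  }
  return result;
}

// Paths left open by the loose control but protected by the strict one.
function unintendedOpen(loose, strict, paths) {
  const strictOpen = new Set(classify(strict, paths).open);
  return classify(loose, paths).open.filter((p) => !strictOpen.has(p));
}

console.log('unanchored:', classify(UNANCHORED, SAMPLE_PATHS));
console.log('anchored:  ', classify(ANCHORED, SAMPLE_PATHS));
console.log('open only under the unanchored rule:',
  unintendedOpen(UNANCHORED, ANCHORED, SAMPLE_PATHS));
```

Running the same comparison over a list of the real resource paths shows whether the substring match opens anything outside the intended sandbox tree.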
The AAAforREST config file allows defining general "rules" for authentication.
On top of these rules, thanks to the "restricted" parameter, access to dedicated resources can be restricted to specific users.
When general rules are already quite complex, it would be convenient to have a comparable parameter that defines the opposite behaviour: not restricting but opening a dedicated resource's access to anyone (including guest users, with no password). This parameter would be helpful for setting up sandboxes, demos or public examples, for instance.