Closed nivemaham closed 4 years ago
Why not filter the subjects (in the controller method) based on the permissions on the token? So only those subjects for which the user has access to will be displayed in the frontend then?
This is simply an attempt to complete the authentication with MP. The frontend does not query subjects or projects based on user permission. I agree that it would be the way to go. But it would need some work on both ends. This is an attempt to get the authorizer work with MP authentication and use a token from MP instead of Basic authentication on nginx.
@mpgxvii Sounds good to me.