SoftInstigate / restheart

Rapid API Development with MongoDB
https://restheart.org
GNU Affero General Public License v3.0

Setting where (URL rewrite) of mongo-mounts property as path prefix in predicate #245

Closed varunnayal closed 7 years ago

varunnayal commented 7 years ago

RestHeart Version: 3.1.1

I am trying to use the where property in mongo-mounts to define permissions for various roles. Here is the snippet of mongo-mounts from restheart.yml:

...
mongo-mounts:
    - what: "*"
      where: /
    - what: "/db/coll"
      where: "/path/to/collection"
...

Here is the snippet of permissions from security.yml:

...
users:
    - userid: restrict
      password: restrict
      roles: [basic]
...
permissions:
   ...
    - role: basic
      # Based on the url exposed in mongo-mounts
      predicate: path-prefix[path="/path/to/collection"]
...

Now, the following curl request throws a Forbidden Access (403) error:

curl -u restrict:restrict 'http://127.0.0.1:8080/path/to/collection'

Changing the predicate to /db/coll and then using http://127.0.0.1:8080/db/coll in curl would work and restrict the user to the specified collection, but then we won't be using the URL rewrite feature.

ujibang commented 7 years ago

That's by design. The predicate is applied to the canonical resource name, not to the rewritten one.

This way you can remap your URLs without impacting the security configuration.

varunnayal commented 7 years ago

Thanks for the clarification.
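
A simplified model of the behaviour described in the answer above, added here as an illustration; it is not RESTHeart code and not part of the thread. The mount table is constructed from the snippet in the issue, and `canonical`, `allowed`, the longest-`where`-wins rule and whole-segment prefix matching are assumptions of the model.

```python
# Simplified model (an assumption, not RESTHeart source): resolve the request
# URL to its canonical /db/coll name first, then test the ACL predicate on that.

# Constructed from the mongo-mounts snippet in the issue, as (where, what) pairs.
MOUNTS = [("/", "*"), ("/path/to/collection", "/db/coll")]


def _covers(prefix: str, path: str) -> bool:
    """True when `prefix` matches `path` on a whole-segment boundary."""
    prefix = prefix.rstrip("/")
    return prefix == "" or path == prefix or path.startswith(prefix + "/")


def canonical(request_path: str, mounts=MOUNTS) -> str:
    """Map a request URL path to the canonical resource name.

    Assumption of this model: the longest matching `where` wins.
    """
    hits = [(w, t) for w, t in mounts if _covers(w, request_path)]
    if not hits:
        raise LookupError(f"no mount for {request_path}")
    where, what = max(hits, key=lambda m: len(m[0].rstrip("/")))
    rest = request_path[len(where.rstrip("/")):]
    # what="*" exposes every database under `where`: the rest is already canonical.
    return (rest or "/") if what == "*" else what.rstrip("/") + rest


def allowed(request_path: str, predicate_prefix: str) -> bool:
    """Evaluate path-prefix[path=...] against the canonical name, not the URL."""
    return _covers(predicate_prefix, canonical(request_path))


if __name__ == "__main__":
    for prefix in ("/path/to/collection", "/db/coll"):
        for url in ("/path/to/collection", "/db/coll", "/db/other"):
            verdict = "allow" if allowed(url, prefix) else "403"
            print(f"predicate={prefix:<20} url={url:<20} "
                  f"canonical={canonical(url):<10} {verdict}")
```

In this model the `what: "*"` mount at `/` keeps `/db/coll` reachable next to the rewritten URL, and a single predicate on `/db/coll` authorizes both routes to the collection while still rejecting other collections.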