Closed varunnayal closed 7 years ago
RestHeart Version: 3.1.1
I am trying to use where property in mongo-mounts to define permissions for various roles. Here is the snippet of mongo-mounts from restheart.yml
where
mongo-mounts
restheart.yml
... mongo-mounts: - what: "*" where: / - what: "/db/coll" where: "/path/to/collection" ...
Here is the snippet of permissions from security.yml
permissions
security.yml
... users: - userid: restrict password: restrict roles: [basic] ... permissions: ... - role: basic # Based on the url exposed in mongo-mounts predicate: path-prefix[path="/path/to/collection"] ...
Now, following curl request throws Forbidden Access(403) error curl -u restrict:restrict 'http://127.0.0.1:8080/path/to/collection'
curl -u restrict:restrict 'http://127.0.0.1:8080/path/to/collection'
Changing the predicate to /db/coll and then using http://127.0.0.1:8080/db/coll in curl would work and restrict the user to specified collection but then we won't be using url rewrite feature.
/db/coll
http://127.0.0.1:8080/db/coll
That's by design. The predicate is applied to the canonical resource name, not to the rewritten one.
This way you can remap your URLs without impacting the security configuration.
Thanks for the clarification.
RestHeart Version: 3.1.1
I am trying to use
where
property inmongo-mounts
to define permissions for various roles. Here is the snippet ofmongo-mounts
fromrestheart.yml
Here is the snippet of
permissions
fromsecurity.yml
Now, following curl request throws Forbidden Access(403) error
curl -u restrict:restrict 'http://127.0.0.1:8080/path/to/collection'
Changing the predicate to
/db/coll
and then usinghttp://127.0.0.1:8080/db/coll
in curl would work and restrict the user to specified collection but then we won't be using url rewrite feature.