Tectu closed this issue 2 years ago
After taking some time to think about this properly, I think the router::add_policy() mechanism is sufficient for now.
The only change necessary to make this work well for sub-router protection is to perform the policy check as early as possible (i.e. within router::handle_request() rather than router::handle_http_request()) to ensure that policy checks happen before sub-router resource matching.
Commit 074ad68ff446812dbed0fcf5fca6491046535e0e introduced this change.
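The ordering point in the comment above, as an added toy model (not the project's code): `toy_router`, its prefix matching, the `early` switch and the status codes are assumptions made for illustration. It compares a policy check placed in `handle_request()` with one placed in `handle_http_request()` when the guarded path is served by a sub-router.

```cpp
#include <functional>
#include <map>
#include <memory>
#include <string>
#include <utility>
#include <vector>

// Toy model only: types, prefix matching and status codes are assumptions.
struct request { std::string path; bool authenticated; };
using policy = std::function<bool(const request&)>;
static bool has_prefix(const std::string& s, const std::string& p) { return s.compare(0, p.size(), p) == 0; }

struct toy_router {
    bool early = false;  // true: check in handle_request(); false: in handle_http_request()
    std::vector<std::pair<std::string, policy>> policies;     // prefix -> policy
    std::map<std::string, int> endpoints;                     // path -> status
    std::map<std::string, std::shared_ptr<toy_router>> subs;  // prefix -> sub-router
    bool allowed(const request& r) const {
        for (const auto& e : policies)
            if (has_prefix(r.path, e.first) && !e.second(r)) return false;
        return true;
    }
    int handle_request(request r) const {
        if (early && !allowed(r)) return 401;      // runs before sub-router matching
        for (const auto& s : subs)
            if (has_prefix(r.path, s.first)) {
                r.path.erase(0, s.first.size());   // sub-router sees the remainder
                return s.second->handle_request(r);
            }
        return handle_http_request(r);
    }
    int handle_http_request(const request& r) const {
        if (!early && !allowed(r)) return 401;     // never reached if a sub-router matched
        auto it = endpoints.find(r.path);
        return it == endpoints.end() ? 404 : it->second;
    }
};

// Parent router guards "/admin"; the sub-router mounted there has no policy of its own.
int status_for(bool early, const request& r) {
    auto admin = std::make_shared<toy_router>();
    admin->early = early;
    admin->endpoints["/users"] = 200;
    toy_router root;
    root.early = early;
    root.subs["/admin"] = admin;
    root.policies.emplace_back("/admin", [](const request& q) { return q.authenticated; });
    return root.handle_request(r);
}
```

In this model the late check lets an unauthenticated request for `/admin/users` reach the sub-router's endpoint, while the early check rejects it before any sub-router matching takes place.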
Currently, an access policy can be added to a specific resource using router::add_policy(). However, I think that this approach is somewhat limiting. Instead, I would recommend using an approach similar to the request filters: an optional argument to the various router::add*() functions which accepts a policy. This would also remove the need for the newly introduced and very fuckly router::set_policy().