Tectu / malloy

A cross-platform C++20 library providing embeddable server & client components for HTTP and WebSocket.
BSD 3-Clause "New" or "Revised" License

Improving access policy handling #96

Closed Tectu closed 2 years ago

Tectu commented 2 years ago

Currently, an access policy can be added to a specific resource using router::add_policy(). However, I think that this approach is somewhat limiting.

Instead, I would recommend using an approach similar to the request filters: an optional argument to the various router::add*() functions which accepts a policy.

This would also remove the need for the newly introduced and very fuckly router::set_policy().

Tectu commented 2 years ago

After taking some time to think about this properly, I think the router::add_policy() mechanism is sufficient for now. The only change necessary to make this work well for sub-router protection is to perform the policy check as early as possible (i.e. within router::handle_request() rather than router::handle_http_request()) to ensure that policy checks happen before sub-router resource matching.

Commit 074ad68ff446812dbed0fcf5fca6491046535e0e introduced this change.
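
The ordering point made in the last comment, as an added example that is not malloy's code or API: a toy router in which a policy registered on the parent guards `/admin`, while the `/admin` endpoints live in a sub-router. `toy_router`, `request`, `demo` and the `early_check` switch are hypothetical names, and plain prefix matching is an assumption made to keep the model small.

```cpp
#include <functional>
#include <map>
#include <memory>
#include <string>
#include <utility>
#include <vector>

// Toy model for illustration; none of these names are malloy's API.
struct request { std::string target; bool authenticated; };

class toy_router {
public:
    using policy = std::function<bool(const request&)>;  // true = allow
    void add_policy(std::string prefix, policy p) { policies_.emplace_back(std::move(prefix), std::move(p)); }
    void add(std::string path, int status) { endpoints_[std::move(path)] = status; }
    void add_subrouter(std::string prefix, std::shared_ptr<toy_router> r) { subs_.emplace_back(std::move(prefix), std::move(r)); }

    // early_check = true: policies see the full target before sub-router matching.
    // false: policies run only for endpoints this router serves itself.
    int handle_request(const request& req, bool early_check) const {
        if (early_check && !allowed(req)) return 401;
        for (const auto& s : subs_)
            if (has_prefix(req.target, s.first))
                return s.second->handle_request({req.target.substr(s.first.size()), req.authenticated}, early_check);
        if (!early_check && !allowed(req)) return 401;  // never reached for sub-router traffic
        auto it = endpoints_.find(req.target);
        return it == endpoints_.end() ? 404 : it->second;
    }

private:
    static bool has_prefix(const std::string& s, const std::string& p) { return s.compare(0, p.size(), p) == 0; }
    bool allowed(const request& req) const {
        for (const auto& p : policies_)
            if (has_prefix(req.target, p.first) && !p.second(req)) return false;
        return true;
    }
    std::vector<std::pair<std::string, policy>> policies_;
    std::vector<std::pair<std::string, std::shared_ptr<toy_router>>> subs_;
    std::map<std::string, int> endpoints_;
};

// Constructed scenario: parent holds the /admin policy, sub-router holds the endpoints.
int demo(bool early_check, bool authenticated) {
    auto admin = std::make_shared<toy_router>();
    admin->add("/users", 200);
    toy_router root;
    root.add_subrouter("/admin", admin);
    root.add_policy("/admin", [](const request& r) { return r.authenticated; });
    return root.handle_request({"/admin/users", authenticated}, early_check);
}
```

With the late check, the unauthenticated request is dispatched to the sub-router before the parent's policy is consulted, so the policy never sees it; a regression test for a router of this shape should assert a denial on a sub-router path, not only on a top-level endpoint.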