advanced-cms / advanced-reviews

This is an Open Source add-on that improves the reviewing process and lets external users view & review content items or whole projects without the need to access the Edit Mode. Created and maintained by Bartosz Sekuła and Grzegorz Wiecheć.
Apache License 2.0

PinCodeSecurityOptions.RolesWithoutPin has no effect #242

Open janmuncinsky opened 1 year ago

janmuncinsky commented 1 year ago

This setting is ignored by the system. I guess this is because the user authorization is now handled in the PagePreviewPartialRouter, which is called during endpoint resolution in the EndpointRoutingMiddleware, and if the recommended order of middlewares is configured, the user is not authenticated at this stage yet. Wouldn't it be a better idea to register a new Authorization handler? This way authorization would be handled from AuthorizationMiddleware, where it belongs, and the issue with RolesWithoutPin could be solved.
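
The approach proposed in the comment above, as an added sketch that is not part of the issue and not advanced-reviews code: a role-or-PIN decision made in an ASP.NET Core authorization handler, which runs after authentication, so role checks see the signed-in user. It assumes .NET 6+ minimal hosting; the route, policy name, role names, the `PinOrRole*` types and the `pin-verified` session key are all hypothetical, and the endpoint that verifies a PIN and sets that key is not shown.

```csharp
// Added illustration, not advanced-reviews code. All names below are hypothetical.
using Microsoft.AspNetCore.Authorization;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddAuthentication("Cookies").AddCookie("Cookies");
builder.Services.AddDistributedMemoryCache();
builder.Services.AddSession();
builder.Services.AddSingleton<IAuthorizationHandler, PinOrRoleHandler>();
builder.Services.AddAuthorization(options =>
    options.AddPolicy("ExternalReview", policy =>
        policy.AddRequirements(new PinOrRoleRequirement("WebEditors", "WebAdmins"))));

var app = builder.Build();
app.UseRouting();         // endpoint resolution: HttpContext.User is still anonymous here
app.UseAuthentication();  // HttpContext.User is populated from the auth cookie
app.UseSession();         // must precede authorization so the handler can read the session
app.UseAuthorization();   // PinOrRoleHandler runs here, after authentication
app.MapGet("/external-review/{token}", (string token) => $"Review content for {token}")
   .RequireAuthorization("ExternalReview");
app.Run();

public sealed class PinOrRoleRequirement : IAuthorizationRequirement
{
    public PinOrRoleRequirement(params string[] rolesWithoutPin) => RolesWithoutPin = rolesWithoutPin;
    public IReadOnlyList<string> RolesWithoutPin { get; }
}

public sealed class PinOrRoleHandler : AuthorizationHandler<PinOrRoleRequirement>
{
    protected override Task HandleRequirementAsync(
        AuthorizationHandlerContext context, PinOrRoleRequirement requirement)
    {
        // Members of an exempt role are admitted without a PIN.
        if (requirement.RolesWithoutPin.Any(role => context.User.IsInRole(role)))
        {
            context.Succeed(requirement);
        }
        // Everyone else needs the server-side flag set after a successful PIN check
        // (assumed to be written by a PIN entry endpoint that is not shown).
        else if (context.Resource is HttpContext http &&
                 http.Session.GetString("pin-verified") == "true")
        {
            context.Succeed(requirement);
        }
        return Task.CompletedTask; // neither condition met: the requirement stays unmet
    }
}
```

A role check placed in code that runs during `UseRouting` would see an anonymous principal under this middleware order, which is the symptom the issue describes.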