humerh
commented
5 years ago Basic Authentication is ok! I tested it.
Closed patrickkaleta closed 5 years ago
humerh
commented
5 years ago Basic Authentication is ok! I tested it.
As discussed with @humerh and @fgeyer16, we will use Basic Authentification for the communication between CSIS and Emikat. I enabled the module, configured the REST interface for
ContentandGroupto additionally work with basic_auth and created a special user, as well as a new user role called "REST", for which the permissions have to be further specified (currently it just allows to view content, but not to create, update or delete it).By default Drupal allows unregistered users to view any published content, given that they know the NodeID of this content. This means that currently no authentifications is necessary to get e.g. a data package or resource as json object, as long as the URL to that content is known (setting view permissions for individual content types is not supported by default!). I think the Node View Permissions module could be used to configure which content types can be accessed only by logged in users. @fgeyer16 Do you agree or do you have any other suggestions on what we could do about those permission settings?