Open jonshutt opened 7 years ago
Hey @jonshutt sorry for leaving you hanging with no answer...
Right now this is not possible with just a straight forward config. To get one API route with Auth and another without or just for some models, I see 2 solutions:
RESTfulAPI
to something like OpenRESTfulAPI
and disable Auth on its config. Then add a director route with something like 'openapi': 'OpenRESTfulAPI'
RESTfulAPI_TokenAuthExtension
and override authenticate
to always return true for certain modelsExtending RESTfulAPI
might cleaner in the end, if you are ok to have 2 different api routes.
Hello,
I'm using the authentication and login stuff, which is working fine. However, I need one route to be open to anyone, not just logged in members.
`Member: extensions:
RESTfulAPI: authentication_policy: true access_control_policy: 'ACL_CHECK_CONFIG_AND_MODEL' dependencies: authenticator: '%$RESTfulAPI_TokenAuthenticator' cors: Enabled: true Allow-Origin: '' Allow-Headers: '' Allow-Methods: 'GET,POST' Max-Age: 86400 RESTfulAPI_TokenAuthenticator: tokenOwnerClass: 'Member'
Mountain: api_access: 'GET'
Log: api_access: 'GET,POST'`
I'd like the 'Log' dataobject to require the authentication, but the 'mountain' dataobject should be open to everyone.
Is this possible?