Question - Plugin's helper URLs authentication

dreipol / djangocms-spa-vue-js

Run your django CMS project as a single-page application (SPA) with vue.js and vue-router.

MIT License

59 stars 9 forks source link

Question - Plugin's helper URLs authentication #7

Closed sergeypoprovka closed 1 year ago

sergeypoprovka commented 1 year ago

djangocms-spa-vue-js version: 0.1.27
Django version: 3.2
Python version: 3.10
Operating System: Mac Os X

Description

Hi! I have a problem with authenticating. When I'm trying to reach /api/pages for ex. I'm getting the list of helpful urls like:

/admin/cms/page/edit-plugin/20/

When I'm trying to use this URL POST /admin/cms/page/edit-plugin/20/ - I can't authenticate in any way. Which auth should I use? Basic? Token auth? Something else?

Thanks in advance.

chschuermann commented 1 year ago

Hi @sergeypoprovka: The URL looks correct. If you are already logged in to the Django admin, which must be the case when editing, no additional authentication is necessary. The requests between client and server are exactly the same as with the django CMS.

Or do I misunderstand your question and you want to somehow change the content from outside the admin directly via API? Because we have not covered this case. There you would have to integrate an authentication yourself.

sergeypoprovka commented 1 year ago

Hi @sergeypoprovka: The URL looks correct. If you are already logged in to the Django admin, which must be the case when editing, no additional authentication is necessary. The requests between client and server are exactly the same as with the django CMS.

Or do I misunderstand your question and you want to somehow change the content from outside the admin directly via API? Because we have not covered this case. There you would have to integrate an authentication yourself.

Hi, @chschuermann !

Thanks for the quick reply.

So as I understood - there is no possibility to use these URL's for ex. for a frontend page builder where I'll be able to add modules at the frontend and via API requests store(change) them at the backend? Correct?

chschuermann commented 1 year ago

Yes exactly, the package itself does not provide any possibility to do so. We have taken all the permissions from Django and django CMS. But I think it should be possible to override the URL and view and add a custom authentication layer.

sergeypoprovka commented 1 year ago

Thank you @chschuermann !