Closed dreamsbond closed 6 years ago
Default low-level API methods do not call auth by themselves. You as a developer decide where you need auth, what kind, and where you don't.
I recommend adding a method to the API, such as readPutYourRelationshipNameHere, and adding an auth check there. Here is an example
Yes, but it seems the authorizer there does not have any effect
Yes. I did. But the authorizer does not have any effect in fork
Can you please provide an example?
Add a breakpoint in the policy to make sure you actually call it and try to return false
Having read readRelationship, to my understanding it looks like it gets relationship data directly without passing through the API authorization.
If I've got to restrict access to a resource, how do I do it?