Need separate access rulesets for URIs with and without parameters

marain-dotnet / Marain.Claims

A Claims store. Sponsored by endjin.

GNU Affero General Public License v3.0

3 stars 1 forks source link

Need separate access rulesets for URIs with and without parameters #290

Open carmeleve opened 3 years ago

carmeleve commented 3 years ago

E.g., we often end up adding pairs of rulesets:

new ResourceAccessRule("get", new Resource("Roles", $"organisationalUnits/{organisationalUnitId}/roles"), "allow"),
new ResourceAccessRule("get", new Resource("Roles with Param", $"organisationalUnits/{organisationalUnitId}/roles?**"), "allow"),

These are logically the same rule, but we've ended up with two ResourceAccessRules to express what we want.

mwadams commented 3 years ago

This would seem to be a limitation of our globbing where we are not able to express the with-or-without query parameters.

We should perhaps support optionality in the same way as Uri templates, with the additional globbing.