[x] api:// permission default methods (full CRUD) is mentioned there, too
[x] the idea of subjects (AKA qual_names, AKA domains) is briefly described there, see also here (internal link) and there. Please note: I know that this is not 100% the same approach, but I'd like to position the core4 concept there: qual_names can be considered "subjects". What needs to be achieved is more a matter of process and alignment than of technical solutions: frontend and backend must align on the subjects. The backend does this with the Python package structure. The frontend does this in a similar way. Both align by using qual_names as subjects. BE has a slight advantage because qual_names are the same as package structures including the class name.
[x] the endpoint to "query" existing user permissions (cascaded) is mentioned there, too
core4 API is now able to take CRUD permissions.
perm-format on user creation: `api://qual_name/[crud]`
If no specific permission is given, access to every method is provided.
This does not change current permission behavior, it just extends it.
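
The following sketch illustrates the permission format described above. It is an added example, not code from core4 or from this change. It assumes the suffix is any non-empty combination of the lowercase letters `c`, `r`, `u`, `d`, and that a permission applies to a handler when the qual_name matches exactly. The function names and the qual_name `project.api.ItemHandler` are hypothetical. A missing suffix grants every method, as stated above, while a malformed suffix is rejected rather than silently widened to full access (a choice made for this example).

```python
# Added example: parse "api://qual_name/[crud]" permission strings.
# Assumptions (not from core4): suffix letters are lowercase c, r, u, d;
# matching on qual_name is exact; all names below are hypothetical.

CRUD = frozenset("crud")
PREFIX = "api://"


def parse_api_permission(perm):
    """Return (qual_name, allowed_operations) for one permission string."""
    if not perm.startswith(PREFIX):
        raise ValueError(f"not an api:// permission: {perm!r}")
    qual_name, sep, ops = perm[len(PREFIX):].partition("/")
    if not qual_name:
        raise ValueError(f"missing qual_name: {perm!r}")
    if not sep:
        # No specific permission given: access to every method.
        return qual_name, CRUD
    # A suffix is present, so it must be valid. An empty or unknown
    # suffix is an error and never falls back to full access.
    if not ops or not set(ops) <= CRUD:
        raise ValueError(f"invalid CRUD suffix in {perm!r}")
    return qual_name, frozenset(ops)


def is_allowed(perms, qual_name, op):
    """True if any permission in perms grants op on qual_name."""
    if op not in CRUD:
        raise ValueError(f"unknown operation: {op!r}")
    for perm in perms:
        name, ops = parse_api_permission(perm)
        if name == qual_name and op in ops:
            return True
    return False


if __name__ == "__main__":
    # Constructed sample permissions for a hypothetical handler.
    read_only = ["api://project.api.ItemHandler/r"]
    legacy = ["api://project.api.ItemHandler"]
    for op in "crud":
        print(op, is_allowed(read_only, "project.api.ItemHandler", op),
              is_allowed(legacy, "project.api.ItemHandler", op))
```
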