-
Notifications
You must be signed in to change notification settings - Fork 12
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
access control on metadata #6
Comments
Yeah, it's a good idea. I'm not sure if we can just use |
If authentication is in place, then we are already authenticated here, and current user is set. (I've used both Oauth1 and a home-brew JWT in this project). |
If so, I think |
One challenge we have is restricting user access to the metadata......
I'm toying with the idea of adding an entry to each metadata defn containing a set of required capabilities (maybe an entry for read, entry for write), and a check with 'current_user_can' against these for data read and data write.
Any thoughts/plans on this?
The text was updated successfully, but these errors were encountered: