Fix authenticated role permissions, now it also has all anonymous permissions.

Added permissions on basic auth, to have more control on who can authenticate with basic auth. Use webapi version of basic auth filter. For webapi, when authenticated /api/user/ is the same as /api/user/{uid} where uid is the id of current logged in user.
2017-09-21 12:49:17 +02:00
parent 9d7d43073d
commit bc561b1a48
10 changed files with 135 additions and 61 deletions
--- a/modules/basic_auth/cms_basic_auth_module.e
+++ b/modules/basic_auth/cms_basic_auth_module.e
@@ -16,7 +16,9 @@ inherit
 		redefine
 			make,
 			filters,
-			setup_hooks
+			setup_hooks,
+			install,
+			permissions
 		end

 	CMS_WITH_WEBAPI
@@ -35,6 +37,17 @@ feature {NONE} -- Initialization
 			description := "Service to manage basic authentication"
 		end

+feature {CMS_API} -- Module management
+
+	install (a_api: CMS_API)
+		do
+			Precursor (a_api)
+			if attached a_api.user_api.anonymous_user_role as ano then
+				ano.add_permission (perm_use_basic_auth)
+				a_api.user_api.save_user_role (ano)
+			end
+		end
+
 feature {CMS_EXECUTION} -- Administration

 	webapi: CMS_BASIC_AUTH_MODULE_WEBAPI
@@ -46,6 +59,15 @@ feature -- Access

 	name: STRING = "basic_auth"

+	permissions: LIST [READABLE_STRING_8]
+			-- List of permission ids, used by this module, and declared.
+		do
+			Result := Precursor
+			Result.force ("use basic_auth")
+		end
+
+	perm_use_basic_auth: STRING = "use basic_auth"
+
 feature -- Access: auth strategy	

 	login_title: STRING = "Basic Auth"