authenticate only certain routes
Opened this issue · 1 comments
Hello,
I'm using the authentication and login stuff, which is working fine. However, I need one route to be open to anyone, not just logged in members.
`Member:
extensions:
- RESTfulAPI_TokenAuthExtension
RESTfulAPI:
authentication_policy: true
access_control_policy: 'ACL_CHECK_CONFIG_AND_MODEL'
dependencies:
authenticator: '%$RESTfulAPI_TokenAuthenticator'
cors:
Enabled: true
Allow-Origin: ''
Allow-Headers: ''
Allow-Methods: 'GET,POST'
Max-Age: 86400
RESTfulAPI_TokenAuthenticator:
tokenOwnerClass: 'Member'
Mountain:
api_access: 'GET'
Log:
api_access: 'GET,POST'`
I'd like the 'Log' dataobject to require the authentication, but the 'mountain' dataobject should be open to everyone.
Is this possible?
Hey @jonshutt sorry for leaving you hanging with no answer...
Right now this is not possible with just a straight forward config. To get one API route with Auth and another without or just for some models, I see 2 solutions:
- Extend
RESTfulAPI
to something likeOpenRESTfulAPI
and disable Auth on its config. Then add a director route with something like'openapi': 'OpenRESTfulAPI'
- Or extend
RESTfulAPI_TokenAuthExtension
and overrideauthenticate
to always return true for certain models
Extending RESTfulAPI
might cleaner in the end, if you are ok to have 2 different api routes.