forked from mirror/Part-DB.Part-DB-server
Added permissions to control access to API and manage API tokens
This commit is contained in:
Jan Böhmer
parent
be14fe548c
commit
8fe3f4cf5c
7 changed files with 60 additions and 26 deletions
|
|
@ -69,3 +69,5 @@ security:
|
|||
# We get into trouble with the U2F authentication, if the calls to the trees trigger an 2FA login
|
||||
# This settings should not do much harm, because a read only access to show available data structures is not really critical
|
||||
- { path: "^/\\w{2}/tree", role: PUBLIC_ACCESS }
|
||||
# Restrict access to API to users, which has the API access permission
|
||||
- { path: "^/api", allow_if: 'is_granted("@api.access_api") and is_authenticated()' }
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue