Comments on Code.Random: Access Control for Your RESTful API
Blog author: wuher (http://www.blogger.com/profile/05881990917829152817)

inf3rno (https://www.blogger.com/profile/15504572106652681388), 2013-09-06T15:04:15.673-07:00:

I asked the same here: http://stackoverflow.com/questions/18622678/rest-api-use-endpoint-properties-in-authorization-model

I think you can use additional filters for every permission. After that you can easily filter the properties: just check whether the user has permission to a subresource or a projection.
For example, you can give a permission like this: "GET /users/* filter:isOwner projections:uri,basic". After that you can check whether the user is the owner of the account you want to see or not. And you can give permission if she wants the uri or basic projection. If she is looking for the full projection, you can send a 403 response, or the basic projection if you have an ordered list of projections. It's not so simple, but it could work. I'm developing a similar system in PHP. This approach is much better than hardcoding the permissions...