Changes

311 bytes added ,  19:35, 18 January 2018
no edit summary
<pre class="brush:xquery">
(:~ Login page (visible to everyone). :)
declare
  %rest:path("/")
  %output:method("html")
function local:adminlogin() {
  <html>
    Please log in...:
    <form action="/login-check" method="post">
      <input name="name"/>
      <input type="password" name="pass"/>
      <input type="submit"/>
    </form>
  </html>
};

(:~ Main page (restricted to logged in users). :)
declare
  %rest:path("/main")
  %output:method("html")
function local:adminmain() {
  <html>
    Welcome to the main page!:
    <a href='/main/admin'>admin area</a>,
    <a href='/logout'>log out</a>.
  </html>
};

(:~ Admin page (restricted to administrators). :)
declare
  %rest:path("/main/admin")
  %output:method("html")
  %perm:allow("admin")
function local:admin() {
  <html>
    Welcome to the privileged administrator admin page.
  </html>
};
</pre>
The permission strings given with {{Code|%perm:allow}} are interpreted by the application: they may denote ids, users, user groups, applications, or any other realms. It is completely up to the user which strings are used.
==Checking Permissions==
Functions that are marked with {{Code|%perm:check}} are invoked before the actual target function is evaluated. Two arguments can be specified with the annotation:
* If a security function raises an error or returns any result (which can be a redirection or any other XQuery value), no other functions will be invoked. This means that the actual target function will only be evaluated if all security functions yield neither a result nor an error.
* As shown in the first function, the {{Code|%perm:check}} annotation can be combined with other RESTXQ annotations (excluding {{Code|%rest:path}} and {{Code|%rest:error}}).
* In the example, it is assumed that the logged in user is bound to a session variable (see further below).
The map, which can be bound to a variable (in this example {{Code|$perm}}), has the following keys:
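As an added example (not code from the original page), a check function of the kind this section describes. It assumes the BaseX Session module ({{Code|session:get}}) and Web module ({{Code|web:redirect}}), that a successful login stored the user name under the session key {{Code|id}}, and that the {{Code|$perm}} map carries the values of the target function's {{Code|%perm:allow}} annotation under the key {{Code|allow}}:

```xquery
(:~
 : Permission check for every RESTXQ function whose path starts with /main.
 : Added example; assumes the session key "id" holds the name of the logged-in user
 : and that $perm?allow holds the strings from the target's %perm:allow annotation.
 : Any returned value (here: a redirection) short-circuits the request, so the
 : target function is never evaluated for a client that fails the check.
 :)
declare
  %perm:check("/main", "{$perm}")
function local:check($perm as map(*)) {
  let $user := session:get("id")
  return (
    (: no session at all: send the client back to the login page :)
    if (empty($user)) then web:redirect("/")
    (: the target names one or more realms (e.g. "admin") and the user is in none of them :)
    else if (exists($perm?allow) and not($user = $perm?allow)) then web:redirect("/main")
    (: empty sequence: all checks passed, the target function is evaluated :)
    else ()
  )
};
```

Because the check is keyed on the path prefix, adding a new function below {{Code|/main}} is protected by default; only functions that carry their own {{Code|%perm:allow}} strings are further narrowed to the listed realms.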
=Authentication=
There are numerous ways in which users can be authenticated in a web application (OAuth, for instance). The approach demonstrated in this article is very straightforward:
* A login HTML page allows you to enter your credentials (user name, password).
* A login check function checks whether the typed in data matches one of the database users. If the input is valid, a session id will be set, and the user will be redirected to the main page. Otherwise, the redirection points back to the login page.
* A logout page deletes the session id.
This is demonstrated by the following example:
<pre class="brush:xquery">
(:~ Login page: the form posts the credentials to /login-check. :)
declare
  %rest:path("/")
  %output:method("html")
function local:login() {
  <html>
    <form action="login-check" method="post">
      <input name="name"/>
      <input type="password" name="pass"/>
      <input type="submit"/>
    </form>
  </html>
};

(:~ Logout: removes the session id and returns to the login page. :)
declare
  %rest:path("/logout")
function local:logout() {
  session:delete('id'),
  web:redirect("/")
};
</pre>
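The login check function that the form above posts to, as an added example rather than code from the original page. It assumes the BaseX User module ({{Code|user:check}}, which raises an error in the {{Code|user:}} namespace when the name or password is wrong), the Session module ({{Code|session:set}}) and the Web module ({{Code|web:redirect}}), and uses the same session key {{Code|id}} as the logout function:

```xquery
(:~
 : Login check (added example). Receives the form fields "name" and "pass",
 : verifies them against the database users, and either starts a session or
 : sends the client back to the login page.
 : Assumes the BaseX User, Session and Web modules; the session key "id" is the
 : same one the logout function deletes.
 :)
declare
  %rest:POST
  %rest:path("/login-check")
  %rest:form-param("name", "{$name}", "")
  %rest:form-param("pass", "{$pass}", "")
function local:login-check($name as xs:string, $pass as xs:string) {
  try {
    (: raises user:* if the user does not exist or the password is wrong :)
    user:check($name, $pass),
    (: valid credentials: bind the user to the session and go to the main page :)
    session:set("id", $name),
    web:redirect("/main")
  } catch user:* {
    (: unknown user and wrong password end up at the same place, so the
       response does not reveal which of the two failed :)
    web:redirect("/")
  }
};
```

The empty defaults on the form parameters make a submission with missing fields fail inside {{Code|user:check}} like any other bad login, instead of raising a type error before the check runs.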