Changes

Non-trivial web applications require a user management: Users need to log in too to a web site in order to get access to protected parts of a web site, and depending pages. Depending on their status (role, user group, …), they can be offered different views. One popular way to realize this is to start each RESTXQ function body with a call to a security function. This function raises an exception if a user is not logged in, or has not enough permissions to call the requested REST endpoint.

With {{Version|9.0}} of BaseX, a light-weight permission layer has been addedthat simplifies permission checks a lot:

* Functions RESTXQ functions can be annotated with flexible permission strings, and* Global permission functions can be written to ensure that the current user access will only be granted if a client has sufficient permissions.