Bureaucrats, editor, reviewer, Administrators
13,550
edits
Changes
Jump to navigation
Jump to search
→Checking Permissions
This page presents the web application permission layer of BaseX, which can be used along with [[RESTXQ]].
Non-trivial web applications require a user management: Users need to log in to a web site in order to get access to protected pages; Depending on their status (role, user group, …), they can be offered different views; etc. With {{Version|9.0}} of BaseX, a The light-weight permission layer has been added that simplifies permission checks a lot:
* Permission strings can be attached to RESTXQ functions.
** If no path argument is specified, {{Code|/}} is assigned instead.
* A variable can be specified in the second argument. A map with the following keys will be bound to that variable:
** {{Code|allow}}: Permission strings attached to the requested function; may be empty.
** {{Code|path}}: Original path of the client request.
** {{Code|method}}: Method of the client request ({{Code|GET}}, {{Code|POST}}, …).
** {{Code|authorization}}: Value of the HTTP Authorization header string; may be empty.
An example:
=Changelog=
;Version 9.1
* Added: {{Code|authorization}} value in permissions map variable
The Module was introduced with Version 9.0.
