cubicweb #4919855 Implement security context [open]
This security context would be a dictionary in which keys could be used in permissions rql expressions.
Such a context would be very useful to check permissions against arbitrary informations orthogonal to the current user. For example, a token that gives access to a specific resource could be used to share a private resource via a simple url including this token.
Once such a system works, the current user (_cw.user) and its security related attributes (groups) could be transfered to this context, making cnx.user useless and less a problem than it is today .
Another big advantage would be that it would be easier to have an external system providing security informations without hacking around the user, connection and session . One could even have permissions checking without a single CWUser in the database.
|done in||<not specified>|
|closed by||<not specified>|
|patch||[wip] Implements security_ctx as permanent rql args [rejected][wip] Inject security context in RQLExpression._check [rejected][wip] Add access to the security_context from subsitute variables [rejected][wip] Introduce a security_ctx in rqlrewrite [rejected]|