cubicweb #4919855 Implement security context [in-progress]
This security context would be a dictionary in which keys could be used in permissions rql expressions. Such a context would be very useful to check permissions against arbitrary informations orthogonal to the current user. For example, a token that gives access to a specific resource could be used to share a private resource via a simple url including this token. Once such a system works, the current user (_cw.user) and its security related attributes (groups) could be transfered to this context, making cnx.user useless and less a problem than it is today [1]. Another big advantage would be that it would be easier to have an external system providing security informations without hacking around the user, connection and session [2]. One could even have permissions checking without a single CWUser in the database. | |
| priority | normal |
|---|---|
| type | enhancement |
| done in | <not specified> |
| closed by | <not specified> |
| patch | [wip] Implements security_ctx as permanent rql args [rejected][wip] Inject security context in RQLExpression._check [rejected][wip] Add access to the security_context from subsitute variables [rejected][wip] Introduce a security_ctx in rqlrewrite [rejected] |
