Currently, views routed by Girder 4 are public unless explicitly protected by some authorization checks. This issue is a proposal to add some friction to the development process so that public views are discouraged in favor of views protected by some minimal policy.
One possible minimal policy is to require users to be logged in to interact with the views. The friction could be provided by using the Django system check framework to introspect the application's URLconf and issue a warning for any view that carries none of the following:

- the login_required decorator
- LoginRequiredMixin
- a permissions_classes decorator specifying the IsAuthenticated permissions class
- the IsAuthenticated permissions class in the permissions_classes attribute array

This is not intended to define an authorization policy for all applications. Rather, it is intended to start applications with a slightly more conservative authorization policy instead of none at all.