You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently the permissions we use doesn't have any entity level context. But some of our APIs need that context.
For example,
payment/list - This can only be accessible by merchant level users or higher. Profile level users should not be able to access it.
payment/profile/list - This can be accessible by all level of users.
With current setup, this is not directly possible by the permissions. We had to introduce min_entity_level to solve this, but this is very separated from the permissions.
To solve this, we need to have entity level context at permissions level itself.
Scope for permissions
The write permissions currently doesn't have access to read APIs, but since write is a superset of read, they should be able to access read APIs as well.
So, this PR also introduces scope context in permissions.
The text was updated successfully, but these errors were encountered:
Currently the permissions we use doesn't have any entity level context. But some of our APIs need that context.
For example,
payment/list
- This can only be accessible by merchant level users or higher. Profile level users should not be able to access it.payment/profile/list
- This can be accessible by all level of users.With current setup, this is not directly possible by the permissions. We had to introduce
min_entity_level
to solve this, but this is very separated from the permissions.To solve this, we need to have entity level context at permissions level itself.
Scope for permissions
The write permissions currently doesn't have access to read APIs, but since write is a superset of read, they should be able to access read APIs as well.
So, this PR also introduces scope context in permissions.
The text was updated successfully, but these errors were encountered: