With BaseX 12 (and, unofficially, with BaseX 11.6), both the query parameters and the HTTP request headers can now be accessed via the permission variable [1]. For all further request values, the Request Module can be used.
[1] https://docs.basex.org/12/Permissions#checking_permissions On Tue, Nov 26, 2024 at 9:28 AM Christian Grün <[email protected]> wrote: > Dear Jörn, > > Thanks for sharing your OAuth2 implementation, very appreciated. > > >> While working on this, I realized that BaseX' permission attributes >> unfortunately lack a small feature that would be quite useful: The "perm" >> parameter to the checking function provides the method and the path, but >> unfortunately not any URL parameters. >> > > Indeed it has been suggested multiple times that $perm should be enhanced. > In the latest snapshot, we have finally added the query parameters [1], and > we may add some more properties. Your feedback is welcome; if it works as > expected, we will revise the documentation. BaseX 11.6 will be released > this week or in December. > > With older versions of BaseX, you can use the request:parameter function > to access query parameters [2]. > > Best, > Christian > > [1] https://files.basex.org/releases/latest/ > [2] https://docs.basex.org/12/Request_Functions#request:parameter > > > > > >> In my case, I would like to remember the URL (including parameters) the >> user called before I redirect him to the authorization server to login, so >> I can afterward redirect him to the page he actually wanted. >> But in a more general context, I can imagine it would also be useful to >> do permission checks on the parameters, too. Or maybe I missed something? >> >> Kind regards >> Jörn Willhöft >> >
