Yes, what you are describing sounds like Access Control Lists (ACLs) and it
is possible to check within your code to see if the current user has
necessary permissions before carrying out an action. I'm not familiar with
the rest server module that you are using but there might be something in it
already which provides ACLs. If not, you can roll your own by adding a list
(or lists) of authorized users to an entity, or you could create groupings
for users (roles) and each entity could have a list of authorized roles.
There are quite a few design possibilities, some designs call require more
complex ACL implementations than others. Is sharing mostly on a per user
basis or are there identifiable types of users (admins, editors, readers,
etc.)?

Thank you,

Jeff

On Thu, Aug 6, 2009 at 8:39 PM, epb <esbenbu...@gmail.com> wrote:

>
> Hi
>
> I am using the app engine rest server module to access different
> instances of a datamodel on my GAE app. Login is required on the app
> but I would like the system to use instance-wise authentication so
> that only a specific set of users A (and not all users) has access to
> a specific datamodel instance B via the rest server interface. Fx. the
> datamodel instance with key 1234 can only be accessed by a specfic set
> of users via http://myapp.com/rest/DATAMODELNAME/1234, both with HTTP
> GET and POST/PUT. Can this be done?
> >
>

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Google App Engine" group.
To post to this group, send email to google-appengine@googlegroups.com
To unsubscribe from this group, send email to 
google-appengine+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/google-appengine?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to