Yes, what you are describing sounds like Access Control Lists (ACLs) and it is possible to check within your code to see if the current user has necessary permissions before carrying out an action. I'm not familiar with the rest server module that you are using but there might be something in it already which provides ACLs. If not, you can roll your own by adding a list (or lists) of authorized users to an entity, or you could create groupings for users (roles) and each entity could have a list of authorized roles. There are quite a few design possibilities, some designs call require more complex ACL implementations than others. Is sharing mostly on a per user basis or are there identifiable types of users (admins, editors, readers, etc.)?
Thank you, Jeff On Thu, Aug 6, 2009 at 8:39 PM, epb <esbenbu...@gmail.com> wrote: > > Hi > > I am using the app engine rest server module to access different > instances of a datamodel on my GAE app. Login is required on the app > but I would like the system to use instance-wise authentication so > that only a specific set of users A (and not all users) has access to > a specific datamodel instance B via the rest server interface. Fx. the > datamodel instance with key 1234 can only be accessed by a specfic set > of users via http://myapp.com/rest/DATAMODELNAME/1234, both with HTTP > GET and POST/PUT. Can this be done? > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~----------~----~----~----~------~----~------~--~---