starsz commented on issue #1825:
URL:
https://github.com/apache/apisix-dashboard/issues/1825#issuecomment-907801158
> Hi @liuxiran, Thanks for sharing the details.
>
> Since Dashboard is for the authenticated users, we definitely can work on
top of the authentication framework by storing another field something similar
to `"restrict-full-access": bool` in the etcd for each user. The info gets
encoded into the existing jwt and passed to the web-ui / CLI on successful
signin.
> We will add a middleware or modify the existing one to restrict the
protected routes (here ig HTTP methods, allow only GET requests, no POST, PUT,
PATCH or DELETE).
> And for the frontend part, we can cache the info in a react state while
receiving the jwt from the backend and perform all sorts of restrictions.
>
> Let me know how this sounds (also @nic-chen @starsz). I would love to hear
from you. Thanks.
That sounds good. Maybe we can discuss this in the email list.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
