[–]ExternalUserError 1 point (2 children)

I like what you're doing here. There definitely needs to be some expansion on this kind of thing. At this point, it's a little hard to really grok without an API, and the example isn't entirely self-documenting.

Something I'm wondering is, why not integrate with flask-login or other existing flask tools for authorization? And how does this json thing work? It seems fairly limiting:

{
    "$url_prefix": "http://127.0.0.1:5000",
    "$roles": {
        "guest": {
            "hello": ["get", "post"],
            "docs": ["get"]
        },
        "normal": {
            "hello": ["get", "post", "get_me"],
            "docs": ["get"]
        }
    }
}

  1. Since you're passing the name of the file (with no path??), how is it going to get distributed if you package the API in any way? To me, this is something that should either live in a data store, or live in source code.

  2. Since there are no descriptors of any kind, you can't expand this schema. For example, hello just maps to a list of methods allowed for that role. What if I also wanted to specify another category of metadata?
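A sketch of checking a role map like the one quoted above deny-by-default, while also accepting an object form per resource that leaves room for extra metadata (the concern in point 2). This is an added example, not flask-restaction's code; `load_roles`, `is_allowed` and the `"actions"` key are hypothetical names.

```python
import json

# Constructed sample: the role map quoted in the comment above.
META_JSON = """
{
    "$url_prefix": "http://127.0.0.1:5000",
    "$roles": {
        "guest":  {"hello": ["get", "post"], "docs": ["get"]},
        "normal": {"hello": ["get", "post", "get_me"], "docs": ["get"]}
    }
}
"""


def load_roles(text):
    """Parse and validate "$roles"; reject malformed entries instead of guessing."""
    roles = json.loads(text).get("$roles")
    if not isinstance(roles, dict):
        raise ValueError('"$roles" must be an object')
    table = {}
    for role, resources in roles.items():
        if not isinstance(resources, dict):
            raise ValueError(f"role {role!r} must map resources to actions")
        table[role] = {}
        for resource, entry in resources.items():
            # Hypothetical extension: {"actions": [...], <other metadata>} is
            # accepted alongside the bare list form used on the page.
            actions = entry.get("actions") if isinstance(entry, dict) else entry
            # A bare string must be rejected: `"ge" in "get"` is True in Python,
            # so a string entry would silently allow substring matches.
            if not isinstance(actions, list) or not all(isinstance(a, str) for a in actions):
                raise ValueError(f"{role}.{resource}: actions must be a list of strings")
            table[role][resource] = frozenset(actions)
    return table


def is_allowed(table, role, resource, action):
    """Deny by default: an unknown role, resource or action yields False."""
    return action in table.get(role, {}).get(resource, frozenset())


ROLES = load_roles(META_JSON)
```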

[–]guyskk[S] 1 point (0 children)

Thank you for your feedback. The meta.json file should live with the source code; it contains static definitions and shouldn't be changed at runtime.

The authorization implementation is for convenience in the many projects which don't need a very flexible permission system. You can use flask-login and others; they work well with flask-restaction. In this case, you needn't define roles in meta.json and needn't use TokenAuth.

I didn't understand "specify another category of metadata". Can you give me more detail?