|
@@ -665,6 +665,7 @@ You can tune the middleware behavior using middleware specific configuration par
|
665
|
665
|
- "reconnect.passwordHandler": Handler to implement retrieval of the database password ("")
|
666
|
666
|
- "authorization.tableHandler": Handler to implement table authorization rules ("")
|
667
|
667
|
- "authorization.columnHandler": Handler to implement column authorization rules ("")
|
|
668
|
+- "authorization.pathHandler": Handler to implement path authorization rules ("")
|
668
|
669
|
- "authorization.recordHandler": Handler to implement record authorization filter rules ("")
|
669
|
670
|
- "validation.handler": Handler to implement validation rules for input values ("")
|
670
|
671
|
- "validation.types": Types to enable type validation for, empty means 'none' ("all")
|
|
@@ -852,7 +853,7 @@ Add the "columns" controller in the configuration to enable this functionality.
|
852
|
853
|
|
853
|
854
|
### Authorizing tables, columns and records
|
854
|
855
|
|
855
|
|
-By default all tables and columns are accessible. If you want to restrict access to some tables you may add the 'authorization' middleware
|
|
856
|
+By default all tables, columns and paths are accessible. If you want to restrict access to some tables you may add the 'authorization' middleware
|
856
|
857
|
and define a 'authorization.tableHandler' function that returns 'false' for these tables.
|
857
|
858
|
|
858
|
859
|
'authorization.tableHandler' => function ($operation, $tableName) {
|
|
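Review bot: The reworded sentence now says "tables, columns and paths are accessible", but the heading above it still reads "### Authorizing tables, columns and records" and the rest of the sentence only explains how to restrict tables. A reader who lands on this section has no pointer to the new handler. Suggest adding paths to the heading and naming 'authorization.pathHandler' in this paragraph as the way to restrict a path.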
@@ -874,6 +875,12 @@ The above example will restrict access to the 'password' field of the 'users' ta
|
874
|
875
|
The above example will disallow access to user records where the username is 'admin'.
|
875
|
876
|
This construct adds a filter to every executed query.
|
876
|
877
|
|
|
878
|
+ 'authorization.pathHandler' => function ($path) {
|
|
879
|
+ return $path === 'openapi' ? false : true;
|
|
880
|
+ },
|
|
881
|
+
|
|
882
|
+The above example will disabled the `/openapi` route.
|
|
883
|
+
|
877
|
884
|
NB: You need to handle the creation of invalid records with a validation (or sanitation) handler.
|
878
|
885
|
|
879
|
886
|
### SQL GRANT authorization
|
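Review bot: The new pathHandler example is inserted between the record filter explanation ("This construct adds a filter to every executed query.") and the "NB: You need to handle the creation of invalid records" note, so the NB now reads as if it applied to the path handler rather than the record handler. Suggest moving the added block below the NB line. In the added sentence, "will disabled" should be "will disable". The example compares `$path` to 'openapi' while the prose refers to the `/openapi` route, so it would help to state what value the handler receives (with or without the leading slash, first segment or full path), because a mismatch there leaves the route accessible. The body `return $path === 'openapi' ? false : true;` can be written as `return $path !== 'openapi';`.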