superset-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From GitBox <...@apache.org>
Subject [GitHub] [incubator-superset] maudrid commented on issue #10905: How to secure newly added APIs
Date Thu, 17 Sep 2020 14:21:56 GMT

maudrid commented on issue #10905:
URL: https://github.com/apache/incubator-superset/issues/10905#issuecomment-694270193


   @dpgaspar Thanks for you help, I am now a step closer.
   My method now looks like this
   ```python
       @expose('/role/<role>', methods=["POST"])
       @permission_name("AAAAAA")
       @protect()
       @safe
       def role(self, role):
   ```
   After running superset init, I can see the new permission is automatically added to the
Admin role:
   `can AAAAAA on AuthorizationAPI`
   But I still get a 401 error when accessing this method with a user that is in the Admin
role.
   Here is how I call the API:
   ```bash
   curl 'https://mydomain.com/api/v1/authorizationapi/role/BBBB' -H 'Accept: */*' -H 'Authorization:
Bearer eyJ0eX....zls22ebg' -H 'Origin: https://mydomain.com' -H 'Connection: keep-alive' --data-raw
''
   ```
   
   What else should I look at next?


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org


Mime
View raw message