anno-mw-acl-static
Authorization for anno-stores
ACL Users
- role: An optional global role of a user
- id: The user ID such as their homepage or email address
- perm: An array of objects of collection-specific roles
  - collection: The collection these roles apply to
  - role: The roles
ACL Rules
Rules for authorization are expressed as sift-rule rules and read as JSON from the environment variable ANNO_ACL_RULES.

Rules are an ordered list of CONDITION-RESULT-DESCRIPTION triplets:
- CONDITION is a sift query on an object encoding the request context
  - method: One of the methods of anno-store
  - anno: The existing annotation
  - newAnno: The new annotation (in case of create, revise)
  - user: The user calling the method, see ACL Users
  - collection: ID of the collection in question. Defaults to "default"
- RESULT is true to allow or false to deny the request
- DESCRIPTION is an optional description of the rule
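
The rule evaluation described above, as an added example (not code from anno-mw-acl-static). The matcher is a simplified stand-in for sift that handles only equality, $in and $exists; the triplet-as-array JSON shape, first-match-wins ordering, deny-on-no-match default, and the sample role, user and rule values are all assumptions.

```javascript
// Added example. matches() is a simplified stand-in for sift, not sift itself:
// it supports only equality, $in and $exists on dotted paths.
const getPath = (obj, path) =>
  path.split('.').reduce((o, k) => (o == null ? undefined : o[k]), obj);

function matches(cond, ctx) {
  return Object.entries(cond).every(([path, want]) => {
    const got = getPath(ctx, path);
    if (want === null || typeof want !== 'object') return got === want;
    return Object.entries(want).every(([op, arg]) => {
      if (op === '$in') return Array.isArray(arg) && arg.includes(got);
      if (op === '$exists') return (got !== undefined) === Boolean(arg);
      throw new Error(`unsupported operator: ${op}`); // fail closed
    });
  });
}

// Parse the JSON rule list; a malformed rule aborts loading instead of being skipped.
function loadRules(json) {
  const rules = JSON.parse(json);
  if (!Array.isArray(rules)) throw new Error('rules must be an ordered list');
  return rules.map((rule, i) => {
    const [condition, result, description] = Array.isArray(rule) ? rule : [];
    if (condition === null || typeof condition !== 'object' || typeof result !== 'boolean')
      throw new Error(`rule ${i}: CONDITION must be an object, RESULT true or false`);
    return { condition, result, description };
  });
}

// Assumption: the first matching rule decides, and no match means deny.
function check(rules, ctx) {
  const context = { ...ctx, collection: ctx.collection || 'default' };
  const hit = rules.find((r) => matches(r.condition, context));
  return hit ? { allowed: hit.result, rule: hit.description } : { allowed: false, rule: null };
}

// Constructed sample of what ANNO_ACL_RULES could hold (assumed triplet-as-array shape).
const SAMPLE_RULES = JSON.stringify([
  [{ 'user.role': 'admin' }, true, 'Admins may do anything'],
  [{ 'user.id': { $exists: false } }, false, 'Anonymous callers are denied'],
  [{ method: 'create', collection: 'default' }, true, 'Signed-in users may create in default'],
]);

const rules = loadRules(SAMPLE_RULES);
console.log(check(rules, { method: 'create', user: { id: 'alice@example.org' } }));
console.log(check(rules, { method: 'revise', user: { id: 'alice@example.org' } }));
```

Returning the matched DESCRIPTION with each decision gives an audit trail of which rule allowed or denied a request.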