Function workstreams_api::is_authorized

source · [−]

pub(crate) async fn is_authorized(
    req: &Request, 
    env: &Env, 
    ctx: &RouteContext<()>
) -> Result<bool>

Expand description

Checks if the request has an authorization token and if that oken is authorized to access the particular resource. Although complex schemes can be used with the Authorization.resources vector, currently we don’t use that.

The authorization scheme is very simple:

A token that is tied to an Address A, has root access to all resources under /api/v1/users/A. For example, they can create a new workstream, edit an old one or delete, because the workstreams resource is under the following path: /api/v1/users/A/workstreams/.