security: Enable authorize plugins to grant modify-only access

Richard Hansen 2020-09-11 19:46:47 -04:00 committed by John McLear
parent 6ed11b7605
commit 02757079c0
4 changed files with 66 additions and 4 deletions

@ -253,8 +253,8 @@ following are true:
For pre-authentication invocations of your authorize function, you can pass the
following values to the provided callback:
* `[true]` or `['create']` will immediately grant access without requiring the
user to authenticate.
* `[true]`, `['create']`, or `['modify']` will immediately grant access without
requiring the user to authenticate.
* `[false]` will trigger authentication unless authentication is not required.
* `[]` or `undefined` will defer the decision to the next authorization plugin
(if any, otherwise it is the same as calling with `[false]`).
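Review bot: The reworded first bullet of the pre-authentication list puts `['modify']` alongside `[true]` and `['create']` without saying whether the values differ at this stage. The post-authentication list spells out that `['modify']` withholds pad creation, but here all three are described only as "immediately grant access without requiring the user to authenticate". Please state whether a pre-authentication `['modify']` also limits the unauthenticated user to modifying existing pads, and whether `settings.editOnly` downgrades `[true]` and `['create']` here as well. Without that, a plugin author cannot tell what level of access an unauthenticated user ends up with.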
@ -267,7 +267,11 @@ public.
For post-authentication invocations of your authorize function, you can pass the
following values to the provided callback:
* `[true]` or `['create']` will grant access.
* `[true]` or `['create']` will grant access to modify or create the pad if the
request is for a pad, otherwise access is simply granted. (Access will be
downgraded to modify-only if `settings.editOnly` is true.)
* `['modify']` will grant access to modify but not create the pad if the
request is for a pad, otherwise access is simply granted.
* `[false]` will deny access.
* `[]` or `undefined` will defer the authorization decision to the next
authorization plugin (if any, otherwise deny).
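Review bot: In the new `['modify']` bullet, "otherwise access is simply granted" means that for non-pad requests `['modify']` gives the same access as `[true]`. That is easy to misread as a reduced grant everywhere. Suggest saying explicitly that the create/modify distinction applies only to pad requests and has no effect on other requests. The `settings.editOnly` parenthetical on the `[true]`/`['create']` bullet could also be its own sentence, since it describes a downgrade that overrides the plugin's answer and is easy to miss inside parentheses.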