Add authorization layer to server request handlers #165
+1,355
−98
Commits on Jan 14, 2022
-
-
-
-
-
-
-
- "contents" applies to /view - "terminals" is plural - "server" is scope for shutdown - failed authorization is 403, not 401 - calling it Authorizer instead of AuthorizationManager - 'user' term is more broadly understood than 'subject'. Plus, it always comes from `self.current_user`. - default authorizer that allows all users is AllowAllAuthorizer
-
allow
@authorizedto be used with no arguments- use auth_resource on handler - use http method name for action
-
Commits on Jan 20, 2022
Commits on Jan 31, 2022
Commits on Feb 1, 2022
-
Move Authorizer to existing jupyter_server.auth
since it's a public API packages should import, let's not nest it deep in services.auth.authorizer
Commits on Feb 9, 2022
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.