starsz commented on issue #1825:
URL: https://github.com/apache/apisix-dashboard/issues/1825#issuecomment-907801158

> Hi @liuxiran, Thanks for sharing the details.
>
> Since Dashboard is for the authenticated users, we definitely can work on top of the authentication framework by storing another field something similar to `"restrict-full-access": bool` in the etcd for each user. The info gets encoded into the existing jwt and passed to the web-ui / CLI on successful signin.
> We will add a middleware or modify the existing one to restrict the protected routes (here ig HTTP methods, allow only GET requests, no POST, PUT, PATCH or DELETE).
> And for the frontend part, we can cache the info in a react state while receiving the jwt from the backend and perform all sorts of restrictions.
>
> Let me know how this sounds (also @nic-chen @starsz). I would love to hear from you. Thanks.

That sounds good. Maybe we can discuss this in the email list.

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]
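
The read-only restriction proposed in the quoted comment, sketched as an added example; it is not code from the thread or from apisix-dashboard. Assumptions: the token is an HS256-signed JWT sent in the `Authorization` header, the server uses plain `net/http`, and the names `sign`, `authorize` and `ReadOnlyGuard` are hypothetical; expiry checking is omitted.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"net/http"
	"strings"
)

// sign returns the base64url HMAC-SHA256 of data, as used for an HS256 JWT.
func sign(data string, secret []byte) string {
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(data))
	return base64.RawURLEncoding.EncodeToString(mac.Sum(nil))
}

// authorize returns 200 to proceed, 401 for a bad token, 403 when a restricted
// user sends a non-GET method. The header "alg" is ignored: HS256 is enforced.
func authorize(token, method string, secret []byte) int {
	var c struct{ Restricted bool `json:"restrict-full-access"` } // claim name from the thread
	p := strings.Split(token, ".")
	if len(p) != 3 || !hmac.Equal([]byte(p[2]), []byte(sign(p[0]+"."+p[1], secret))) {
		return http.StatusUnauthorized
	}
	payload, err := base64.RawURLEncoding.DecodeString(p[1])
	if err != nil || json.Unmarshal(payload, &c) != nil {
		return http.StatusUnauthorized
	}
	if c.Restricted && method != http.MethodGet {
		return http.StatusForbidden
	}
	return http.StatusOK
}

// ReadOnlyGuard is a hypothetical net/http middleware that applies authorize.
func ReadOnlyGuard(secret []byte, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		tok := strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer ")
		if code := authorize(tok, r.Method, secret); code != http.StatusOK {
			http.Error(w, http.StatusText(code), code)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {} // wire ReadOnlyGuard around the protected routes in a real server
```

The check is made on the server for every request, so the flag cached in the web UI only affects what is displayed; a token whose claim has been edited fails the signature check and is rejected with 401.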
