On Thu, Jun 14, 2012 at 10:12:40AM +1000, Cees Hek wrote:
Hi Brett,
Authorization is not purely related to authentication. For example
you could authorize access based on an IP Address, or based on the
time of the day. So we can't automatically decline a request just
because they are not
I've been trying to figure out how to affect the order in which these
prerun hooks are processed, and it's escaping me. For now, I just have
to settle to let the runmodes that have no real authz restrictions to
not even be protected (e.g., landing pages) and to just be okay with
those authz pages