This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2016-01-11
Channels
- # admin-announcements (8)
- # announcements (1)
- # boot (343)
- # braid-chat (23)
- # cider (20)
- # clara (5)
- # cljsrn (48)
- # clojars (5)
- # clojure (90)
- # clojure-canada (3)
- # clojure-czech (1)
- # clojure-russia (107)
- # clojure-sg (2)
- # clojurebridge (2)
- # clojured (10)
- # clojurescript (70)
- # community-development (73)
- # cursive (106)
- # datavis (40)
- # datomic (40)
- # docs (4)
- # editors (1)
- # emacs (1)
- # events (4)
- # funcool (2)
- # hoplon (46)
- # jobs (2)
- # ldnclj (11)
- # mount (8)
- # om (214)
- # onyx (12)
- # re-frame (35)
- # reagent (31)
- # spacemacs (12)
- # yada (18)
@nha: thanks, I ended up with something very similar. I included the POST output coercion as well.
hey @malcolmsparks how stable dyu think the 1.1 api is now ? is it worth me porting all my 1.0 resources (about 30 of 'em) now, or should i wait a bit (i don't want to get too far behind, but i do want to minimise churn right now) ?
the only unstable part right now is security authentication and authorization, I'm still tinkering with the resource-model there - but that's not going to affect you. The overall resource-model is stable now
I'm preparing a release that has basic, digest, bearer (oauth2) and cookie authentication - and an optional RBAC authorization scheme
A bit more docs on the upload stuff is coming, but the phonebook example is a good reference in the absence of docs
do you need security?
authentication is no prob - i ended up using JWS tokens and a ring middleware... and my authorization is ad-hoc atm, so also no prob... RBAC probably won't cut it for me anyway, at least not on it's own, since many decisions revolve around group memberships
are your authorization decisions based on resource properties or purely request info?
resource properties
I'm thinking about abac too - yada currently supports both because the authorization interceptor is after the resource property load, so they're in the context - just a matter of desiging the right API around it
you can, of course, mess with the interceptor chain prior to making a handler
i.e. things like what is a user's role in their membership of some group
I recommend trying the new yada (on a branch!)
It's pretty much done now
cool, i'll do that thanks @malcolmsparks
let me know how it goes and how to best support you
plus any questions
always 😉