This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2018-10-07
Channels
- # 100-days-of-code (13)
- # beginners (12)
- # business (6)
- # cider (6)
- # cljdoc (9)
- # cljs-dev (1)
- # cljsrn (4)
- # clojars (4)
- # clojure (31)
- # clojure-dev (12)
- # clojure-uk (11)
- # clojurescript (16)
- # cursive (1)
- # datascript (4)
- # datomic (10)
- # editors (1)
- # figwheel-main (3)
- # graphql (10)
- # lein-figwheel (29)
- # off-topic (1)
- # pedestal (1)
- # re-frame (31)
- # reitit (3)
- # shadow-cljs (27)
- # slack-help (5)
- # spacemacs (1)
- # yada (5)
Why is access control a special case in Yada? Why not implement it, as the Yada docs state in “12.2. Declaring policies across multiple resources”, namely walk the routing tree with a function that augments the resources?
Thinking about it, I think you’re right, I’m mixing up things. Of course you can add :access-control
by walking the tree. What I’m after is, why at all have :access-control
, when it’s just a matter of sending back yet another HTTP status code?
There's quite a lot involved in access control. See the yada blog on authentication. Also, CORS pre-flight requests. Yada implements quite complex semantics from policy statements.