-
New Feature
-
Resolution: Unresolved
-
Medium
-
None
-
None
-
None
In RFC-8040 RESTCONF, it is possible to specify from which datastore user would like to read data using query parameter; example:
GET /rests/data/network-topology:network-topology/topology=topology-netconf/node=test/yang-ext:mount/interfaces:interfaces?content=nonconfig
Another example - selection API (fields query parameter):
GET /rests/data/network-topology:network-topology/topology=topology-netconf/node=test/yang-ext:mount/interfaces:interfaces/interface=l0?fields=config,description
It would be great, if it is possible to specify policy that can restrict access to resources based on content of some query parameter.
Use cases:
- allow to read only operational/config data on selected paths for selected users (this was probably possible in DRAFT-02 RESTCONF, since datastore specification is part of URI)
- for selected resources, user must specify fields query parameter that matches some pattern - it is not possible to read 'whole' subtree
Note: Such feature is probably out-of-scope of http://shiro.apache.org/web.html.