I note that there is a PERMISSIONS dictionary that is employed during
the getAuthPermissions() method during the authorization.
I had thought that it dictated the subscribe/publish/rpc permissions
granted to an authKey, but, I've come to realize that it doesn't do that
at all. I guess I need to enforce permissions in my rpc and pub/sub
callbacks? So, I probably need to record the authKey and permissions
during the onAuthenticated() callback and reference them in the
rpc/pubsub, is that the idea? I raise a permission type error if access
is attempted but not allowed?
Whether a topic will get dispatched or an endpoint is callable is exclusively controlled via
The permissions dictionary is only for "informational" purposes, and only there to be forwarded to the client during the WAMP-CRA authentication of WAMPv1.
This will likely (need to) change in WAMPv2, since we need dynamic RPC endpoint registration, and for RPC relaying to be possible, this needs to be communicated over WAMP.
Am 07.12.2013 01:19, schrieb Greg Fausak:
You received this message because you are subscribed to the Google
Groups "Autobahn" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to autobahnws+...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.