...
The metadata below is for a requirement that only passes if the authenticated user is a particular person. It uses Input Context Objects for some values.
```json
{
  "endpoints": {
    "ExamplesGetSingleProduct": {
      "route": {
        "httpMethod": "GET",
        "segments": {
          "examples": { "isLiteral": true, "type": "string" },
          "products": { "isLiteral": true, "type": "string" },
          "productId": {
            "isLiteral": false,
            "type": "long",
            "security": {
              "CurrentPersonIsAiesha": {
                "type": "ValueComparer",
                "parameters": {
                  "expectedValue": "1",
                  "actualValue": "@AuthenticatedAttributes.AuthenticatedPrincipalRecordId"
                }
              }
            }
          }
        }
      }
    }
    //remaining metadata omitted
  }
}
```
Why did we add this security block to a route segment instead of the endpoint or an input entity field?
If we had put it at the endpoint level it would have had no effect. Remember, only one requirement in a collection needs to pass for the entire collection to pass. By default, the framework always adds an authentication requirement to the endpoint collection. If this requirement was also at the endpoint level and the authenticated person was not person id 1, we would have:
...
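The placement argument above can be checked with a small model. This is an added example, not framework code: it implements the stated rule that a collection passes when any one requirement passes, and it assumes that every level's collection must pass and that an empty collection imposes no restriction. The function names and the simplified context dictionary are hypothetical.

```python
# Added illustration; not the framework's implementation.
# Stated on the page: a collection passes if ANY requirement in it passes.
# Assumed here: the request is allowed only if EVERY level's collection passes.

def value_comparer(expected, attribute):
    """Requirement that passes when the context attribute equals the expected value."""
    return lambda ctx: str(ctx.get(attribute)) == expected

def authenticated(ctx):
    """Stand-in for the default authentication requirement on the endpoint collection."""
    return ctx.get("AuthenticatedPrincipalRecordId") is not None

def collection_passes(requirements, ctx):
    # An empty collection imposes no restriction (assumption).
    return not requirements or any(req(ctx) for req in requirements)

def request_allowed(collections, ctx):
    return all(collection_passes(reqs, ctx) for reqs in collections.values())

# Same comparison as CurrentPersonIsAiesha in the metadata above.
is_aiesha = value_comparer("1", "AuthenticatedPrincipalRecordId")

# Placement A: requirement sits beside the default one at the endpoint level.
endpoint_level = {"endpoint": [authenticated, is_aiesha], "productId": []}
# Placement B: requirement sits on the productId route segment, as in the metadata.
segment_level = {"endpoint": [authenticated], "productId": [is_aiesha]}

def decide(person_id):
    """Return (allowed under placement A, allowed under placement B)."""
    ctx = {"AuthenticatedPrincipalRecordId": person_id}
    return (request_allowed(endpoint_level, ctx),
            request_allowed(segment_level, ctx))

if __name__ == "__main__":
    for pid in (1, 2, None):  # constructed sample principals
        print(pid, decide(pid))
```

Under placement A, person id 2 is allowed because the authentication requirement alone satisfies the endpoint collection; under placement B the same person is rejected at the route segment.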