mgr/dashboard: hacking.rst: update controller access control instructions

author Ricardo Dias <rdias@suse.com>

Wed, 6 Jun 2018 14:37:19 +0000 (15:37 +0100)

committer Ricardo Dias <rdias@suse.com>

Tue, 26 Jun 2018 11:28:54 +0000 (12:28 +0100)
author Ricardo Dias <rdias@suse.com>
Wed, 6 Jun 2018 14:37:19 +0000 (15:37 +0100)
committer Ricardo Dias <rdias@suse.com>
Tue, 26 Jun 2018 11:28:54 +0000 (12:28 +0100)
diff --git a/src/pybind/mgr/dashboard/HACKING.rst b/src/pybind/mgr/dashboard/HACKING.rst

index 46efba7407e49fcad4555f1a628c5275ab27d431..9b81a366585a9505c28625af69e822b086883270 100644 (file)
--- a/src/pybind/mgr/dashboard/HACKING.rst
+++ b/src/pybind/mgr/dashboard/HACKING.rst
@@ -505,23 +505,23 @@ same applies to other request types:
  How to restrict access to a controller?
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  
-If you require that only authenticated users can access you controller, just
-add the ``AuthRequired`` decorator to your controller class.
+All controllers require authentication by default.
+If you require that the controller can be accessed without authentication,
+then you can add the parameter ``secure=False`` to the controller decorator.
  
-Example::
+Example:
+
+.. code-block:: python
  
    import cherrypy
-  from ..tools import ApiController, AuthRequired, RESTController
+  from . import ApiController, RESTController
  
  
-  @ApiController('ping2')
-  @AuthRequired()
-  class Ping2(RESTController):
+  @ApiController('ping', secure=False)
+  class Ping(RESTController):
      def list(self):
        return {"msg": "Hello"}
  
-Now only authenticated users will be able to "ping" your controller.
-
  
  How to access the manager module instance from a controller?
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
author	Ricardo Dias <rdias@suse.com>
	Wed, 6 Jun 2018 14:37:19 +0000 (15:37 +0100)
committer	Ricardo Dias <rdias@suse.com>
	Tue, 26 Jun 2018 11:28:54 +0000 (12:28 +0100)