From: Ricardo Dias <rdias@suse.com>
Date: Wed, 6 Jun 2018 14:37:19 +0000 (+0100)
Subject: mgr/dashboard: hacking.rst: update controller access control instructions
X-Git-Tag: v14.0.1~1019^2~4
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=d9cf75ae54d7ae59ed2aaa75528aa3322969183a;p=ceph.git

mgr/dashboard: hacking.rst: update controller access control instructions

Signed-off-by: Ricardo Dias <rdias@suse.com>
---

diff --git a/src/pybind/mgr/dashboard/HACKING.rst b/src/pybind/mgr/dashboard/HACKING.rst
index 46efba7407e4..9b81a366585a 100644
--- a/src/pybind/mgr/dashboard/HACKING.rst
+++ b/src/pybind/mgr/dashboard/HACKING.rst
@@ -505,23 +505,23 @@ same applies to other request types:
 How to restrict access to a controller?
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-If you require that only authenticated users can access you controller, just
-add the ``AuthRequired`` decorator to your controller class.
+All controllers require authentication by default.
+If you require that the controller can be accessed without authentication,
+then you can add the parameter ``secure=False`` to the controller decorator.
 
-Example::
+Example:
+
+.. code-block:: python
 
   import cherrypy
-  from ..tools import ApiController, AuthRequired, RESTController
+  from . import ApiController, RESTController
 
 
-  @ApiController('ping2')
-  @AuthRequired()
-  class Ping2(RESTController):
+  @ApiController('ping', secure=False)
+  class Ping(RESTController):
     def list(self):
       return {"msg": "Hello"}
 
-Now only authenticated users will be able to "ping" your controller.
-
 
 How to access the manager module instance from a controller?
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~