How to set up rules to acces only by one record?


#1

Hi,
I am using Bitnami DreamFactory 2.14.1-7 vmdk
I need to restrinct Querying by a single record, by ID (or other parameter), NOT to allow to list all table (!!).

In [Roles] set up rules :
Service = MySQL
Component = /api/v2/mysql/_table/todo/*

I’m expecting the result :
/api/v2/mysql/_table/todo = “Unauthorized. User is not authenticated.”
/api/v2/mysql/_table/todo/* = OK

Unfortunatly the result “/api/v2/mysql/_table/todo” works and list all table.
What I do wrong ?
How to fix it ?
How to set up rules to acces only by one record ?
Thanks.


#2

If you only allow /api/v2/mysql/_table/todo/*, that should work. If /api/v2/mysql/_table/todo is still allowed, check all your permissions, user level too, it is probably still allowed somewhere. A dirty workaround could be to add a filter to /api/v2/mysql/_table/todo, one that allows nothing through.