colymba/silverstripe-restfulapi

authenticate only certain routes

Opened this issue · 1 comments

Hello,

I'm using the authentication and login stuff, which is working fine. However, I need one route to be open to anyone, not just logged in members.

```yaml
Member:
  extensions:
    - RESTfulAPI_TokenAuthExtension

RESTfulAPI:
  authentication_policy: true
  access_control_policy: 'ACL_CHECK_CONFIG_AND_MODEL'
  dependencies:
    authenticator: '%$RESTfulAPI_TokenAuthenticator'
  cors:
    Enabled: true
    Allow-Origin: ''
    Allow-Headers: '
      '
    Allow-Methods: 'GET,POST'
    Max-Age: 86400
RESTfulAPI_TokenAuthenticator:
  tokenOwnerClass: 'Member'

Mountain:
  api_access: 'GET'

Log:
  api_access: 'GET,POST'
```

I'd like the 'Log' dataobject to require the authentication, but the 'mountain' dataobject should be open to everyone.

Is this possible?

Hey @jonshutt sorry for leaving you hanging with no answer...

Right now this is not possible with just a straightforward config. To get one API route with Auth and another without or just for some models, I see 2 solutions:

  1. Extend RESTfulAPI to something like OpenRESTfulAPI and disable Auth on its config. Then add a director route with something like 'openapi': 'OpenRESTfulAPI'
  2. Or extend RESTfulAPI_TokenAuthExtension and override authenticate to always return true for certain models

Extending RESTfulAPI might be cleaner in the end, if you are ok to have 2 different api routes.
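Solution 1 from the reply above, sketched as an added config example; it is not code from the module or from either poster. `OpenRESTfulAPI` and the `openapi` route are the names used in the reply. It assumes an empty PHP subclass `class OpenRESTfulAPI extends RESTfulAPI {}` exists in the project and that the subclass reads its own `authentication_policy` value.

```yaml
# Assumption: mysite/code/OpenRESTfulAPI.php contains only
#   class OpenRESTfulAPI extends RESTfulAPI {}

# Authenticated route: unchanged from the question's config.
RESTfulAPI:
  authentication_policy: true
  access_control_policy: 'ACL_CHECK_CONFIG_AND_MODEL'
  dependencies:
    authenticator: '%$RESTfulAPI_TokenAuthenticator'

# Open route: same controller logic, token check switched off.
# Assumption: other settings are inherited from RESTfulAPI through
# normal SilverStripe config inheritance.
OpenRESTfulAPI:
  authentication_policy: false
  access_control_policy: 'ACL_CHECK_CONFIG_AND_MODEL'

# Expose the subclass on its own URL segment, as the reply suggests.
Director:
  rules:
    'openapi': 'OpenRESTfulAPI'

# api_access is set per model, not per route, so both routes see
# the same values. Assumption: on the open route, Log is therefore
# protected only by the model-level permission checks that
# ACL_CHECK_CONFIG_AND_MODEL applies. Confirm that Log's canView()
# and canCreate() deny anonymous users before deploying.
Mountain:
  api_access: 'GET'

Log:
  api_access: 'GET,POST'
```

After deploying, request a `Log` resource through the `openapi` route without a token and confirm it is refused, since disabling authentication on that route applies to every model it can reach.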