Combination of access restriction for api_users and ip does not work properly
Issue #36
closed
Reading the documentation for the Access annotation, I would think that a combination of
Api\Access("api_users") and Api\Access("[ip:..]") would work.
@Api\Access("ip[89.19.,89.20.]") | Limit to certain IPs (ADDITIONALLY to fe_user etc.)
In my case, the "api_users" are defined by global API-users via basic auth in the extension settings.
Each authentication works on its own, but in combination it does not, although the documentation reads:
Comments (2)
-
-
- changed status to closed
- Log in to comment
Sorry, misleading in the documentation. There should only be ONE @Api\Access line per method.