Service permissions when using controller mapping


#1

Enonic version: 7.0.2
OS: Linux

Hi!
I have create a service and mapped it’s controller in site.xml.
The service.xml looks like this:

<service>
  <allow>
    <principal>role:system.admin</principal>
  </allow>
</service>

The mapping looks the following:

<mapping controller="/services/service/service.js" order="10">
  <pattern>/service</pattern>
</mapping>

When I enter it via
https://www.site.com/_/service/com.user.project/service, everything works as expected.
However if I open it via
https://www.site.com/service, I can enter it even if I am an anonymous user.


#2

Hi!
A mapping, and a service are two different kinds of things, the mapping is pointing to the control ler, not the service - so it does not matter what you declare in the service definition


#3

Also, calling a service “service” is most likely bad practice :wink:


#4

Hi!

Thanks for a reply.

What is the best practice to implement pages like “search”, “cart”, “checkout”, etc.?
Currently I used service, but the urls were not nice? Is it better to “beautify” url somehow or use some other stuff from XP?


#5

Any reason why you need “Nice” URLs for this? We recommended building APIs with Graphql. If you need a nice endpoint, use mapping :slight_smile:


#6

This is not an API. It is a page with a template, which can be seen by a user in a browser.
I used PayUp application as an example for this:

I will think a little bit more about how to make it better. :wink:
Thanks for advises. :slight_smile: