Authorization checks in server.py

This commit adds a single parameter used in the `config.authorize_callback` that allows the user supplied method to check if an app user is authorized to view the requested app at the given path. Resolves holoviz#3179
ndmlny-qs · Aug 10, 2023 · ade84b9 · ade84b9
1 parent 47c4a05
commit ade84b9
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/panel/io/server.py b/panel/io/server.py
@@ -485,7 +485,7 @@ async def get(self, *args, **kwargs):
                 token = session.token
             logger.info(LOG_SESSION_CREATED, id(session.document))
             with set_curdoc(session.document):
-                if config.authorize_callback and not config.authorize_callback(state.user_info):
+                if config.authorize_callback and not config.authorize_callback(state.user_info, self.request.path):
                     if config.auth_template:
                         with open(config.auth_template) as f:
                             template = _env.from_string(f.read())