From ade84b98fee1c9202d79c903e08ba0f872aea556 Mon Sep 17 00:00:00 2001
From: Andy maloney <60523020+ndmlny-qs@users.noreply.github.com>
Date: Thu, 10 Aug 2023 11:53:54 -0500
Subject: [PATCH] Authorization checks in server.py

This commit adds a single parameter used in the
`config.authorize_callback` that allows the user supplied method to
check if an app user is authorized to view the requested app at the
given path.

Resolves #3179
---
 panel/io/server.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/panel/io/server.py b/panel/io/server.py
index 0f0eb69e72..3b364a5c83 100644
--- a/panel/io/server.py
+++ b/panel/io/server.py
@@ -485,7 +485,7 @@ async def get(self, *args, **kwargs):
                 token = session.token
             logger.info(LOG_SESSION_CREATED, id(session.document))
             with set_curdoc(session.document):
-                if config.authorize_callback and not config.authorize_callback(state.user_info):
+                if config.authorize_callback and not config.authorize_callback(state.user_info, self.request.path):
                     if config.auth_template:
                         with open(config.auth_template) as f:
                             template = _env.from_string(f.read())