Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

All APIs should use permissions #455

Closed
eaquigley opened this issue Jul 9, 2014 · 5 comments
Closed

All APIs should use permissions #455

eaquigley opened this issue Jul 9, 2014 · 5 comments
Assignees
@michbarsinai
Labels
Feature: API Type: Feature a feature request
Milestone
Beta 14 - Dataver...

Comments

@eaquigley
Copy link
Contributor

Author Name: Michael Bar-Sinai (@michbarsinai)
Original Redmine Issue: 3870, https://redmine.hmdc.harvard.edu/issues/3870
Original Date: 2014-04-22
Original Assignee: Michael Bar-Sinai

And, preferably, Commands
@eaquigley eaquigley mentioned this issue Jul 9, 2014
Closed
@raprasad raprasad modified the milestone: Dataverse 4.0: In Review Jul 9, 2014
@eaquigley eaquigley modified the milestones: Dataverse 4.0: Beta 3, Dataverse 4.0: In Review Jul 15, 2014
@eaquigley eaquigley modified the milestones: Beta 3 - Dataverse 4.0, Beta 7 - Dataverse 4.0 Aug 19, 2014
@michbarsinai
Copy link
Member

This will be a chain issue, as I'm not the only one doing APIs. Let's start with my beans and then pass it along.

Bean Status
AbstractApiBean OK
Access OK
Admin Separate issue - see #976
BuiltinUsers OK
Config Waiting (Phil?)
DataTagsAPI OK
DatasetFieldServiceApi Waiting (Leonid?)
Datasets OK
Dataverses OK
DownloadInstanceWriter Waiting (Leonid?)
Files OK
Index Waiting (Phil?)
Mail Waiting (Gustavo?)
Meta Waiting (Leonid?)
MetadataBlocks Not using commands or API keys, but does not reveal any info and can't change anything.
Roles OK
Search Waiting (Phil?)
TestIngest Waiting (Leonid?)
WorldMapRelatedData Waiting
datadeposit I guess not, but need to validate with @raprasad

michbarsinai added a commit that referenced this issue Oct 21, 2014
@michbarsinai
Ongoing work on #455 - making sure API is secure
df7b30b
michbarsinai added a commit that referenced this issue Oct 21, 2014
@michbarsinai
Ongoing work on #455
c7ed283
michbarsinai added a commit that referenced this issue Oct 21, 2014
@michbarsinai
Finalized my part of #455
8fba81f
@michbarsinai
Copy link
Member

Over to Gustavo for re-assignment to other API owners.

@scolapasta
Copy link
Contributor

It really depends on the nature of the API. Admin APIs and index, etc, often cannot use Commands or permissions.

@pdurbin
Copy link
Member

pdurbin commented Nov 14, 2014

For the Index API we could require an API token and further require that the token owner, the AuthenticatedUser, has the "superuser" boolean set to "true".

@scolapasta scolapasta removed this from the Beta 10 - Dataverse 4.0 milestone Dec 19, 2014
@scolapasta scolapasta modified the milestones: Dataverse 4.0: Final, Beta 11 - Dataverse 4.0 Jan 8, 2015
@scolapasta scolapasta modified the milestones: Dataverse 4.0: Final, TEMP, In Review - Dataverse 4.0 Jan 23, 2015
@scolapasta scolapasta modified the milestones: Beta 15 - Dataverse 4.0, In Review - Dataverse 4.0 Feb 11, 2015
@scolapasta scolapasta modified the milestones: Beta 15 - Dataverse 4.0, Beta 14 - Dataverse 4.0, In Review - Dataverse 4.0 Feb 20, 2015
@eaquigley eaquigley modified the milestones: Beta 14 - Dataverse 4.0, In Review - Dataverse 4.0 Feb 24, 2015
@eaquigley eaquigley assigned michbarsinai and unassigned scolapasta Feb 24, 2015
@michbarsinai
Copy link
Member

Closing, as agreed with @scolapasta.
Now that #976 is done, APIs either use permissions or can be blocked.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@michbarsinai michbarsinai

Labels
Feature: API Type: Feature a feature request
Projects
None yet
Milestone
Beta 14 - Dataverse 4.0
Development

No branches or pull requests
5 participants
@pdurbin @raprasad @michbarsinai @scolapasta @eaquigley