views: integrate API authentication/access control #14
* NEW Adds customizable access control to record views. Allow configuring different permissions per endpoint. (reference inveniosoftware#14) Signed-off-by: Nicolas Harraudeau <[email protected]>
* NEW Adds customizable access control to record views. Allow configuring different permissions per endpoint. (addresses inveniosoftware#14) Signed-off-by: Nicolas Harraudeau <[email protected]>
@lnielsen do you think we reached the result?
?
Should it be done by the permission factories? (see https://github.com/zenodo/zenodo/blob/master/zenodo/config.py#L392)
@lnielsen I am not sure how we can have OAuth2 scopes in invenio-records-rest given that it is used in different modules. Shouldn't we have different scopes for the published records and the deposits? I planned to check the scopes directly in the permission factories as recommended by @jirikuncar (at least that's what I understood).
Yes, it should be done by permission factories, but perhaps we should provide some default scopes to rely on and which are easy to integrate? Just thinking that right now, you can get an access token for deposit, and use that to read records, files, etc. which a user might not want a third-party to do. For scopes I'm thinking something simple as either just
@lnielsen So you mean implementing optional scopes like here without creating any permission factory? If so, I like the idea. Having a Note: @jirikuncar WDYT?
@nharraud possible the
@lnielsen I am not sure that as an admin I would give access to the "force" delete operation to any script. Most of the scripts would just get the right to fix/migrate records.
@nharraud Yes, hence you shouldn't delegate
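The approach discussed in this thread, OAuth2 scopes checked inside per-endpoint permission factories, sketched as an added example that is not code from invenio-records-rest or from any participant. The `Identity` and `Permission` classes, the explicit `identity` argument, and all endpoint and scope names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable, FrozenSet, Optional


@dataclass(frozen=True)
class Identity:
    """Constructed stand-in for the authenticated caller."""
    user_id: int
    # None = browser session login; a frozenset = scopes granted to an OAuth2 token.
    token_scopes: Optional[FrozenSet[str]] = None


@dataclass(frozen=True)
class Permission:
    """Object exposing the .can() method a view calls before acting."""
    allowed: bool

    def can(self) -> bool:
        return self.allowed


def scoped_factory(required_scope: str, base_rule: Callable) -> Callable:
    """Build a permission factory enforcing the base rule AND the token scope."""
    def factory(record: dict, identity: Identity) -> Permission:
        base_ok = base_rule(record, identity)
        if identity.token_scopes is None:  # session login: scopes do not apply
            return Permission(base_ok)
        # A token never grants more than its owner could do without it.
        return Permission(base_ok and required_scope in identity.token_scopes)
    return factory


def is_owner(record: dict, identity: Identity) -> bool:
    return identity.user_id in record.get("owners", [])


def deny_all(record: dict, identity: Identity) -> Permission:
    return Permission(False)


# Per-endpoint, per-action configuration (constructed endpoint and scope names).
PERMISSIONS = {
    ("records", "read"): scoped_factory("records:read", is_owner),
    ("records", "update"): scoped_factory("records:write", is_owner),
    ("deposits", "read"): scoped_factory("deposit:read", is_owner),
}


def check(endpoint: str, action: str, record: dict, identity: Identity) -> bool:
    factory = PERMISSIONS.get((endpoint, action), deny_all)  # unconfigured => denied
    return factory(record, identity).can()
```

With this layout a token issued for deposits cannot be replayed against the records endpoint, and any action without a configured factory is refused.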