#7633 API for has_access

v1.3.0
closed
General
2015-08-20
2014-08-21
No

It would be useful to have an API to run has_access permission checks so that 3rd-party clients can rely on Allura permissions. I think that it would be an API per-tool and per-project including neighborhood-projects (whose API needs some fixing) and that you would need 'admin' access on the project to use the API. It could take a username and role and return a true/false result.

Related

Tickets: #7634

Discussion

  • Igor Bondarenko

    Igor Bondarenko - 2015-05-14
    • labels: allura-api --> allura-api, 42cc
    • status: open --> in-progress
    • assigned_to: Igor Bondarenko
     
  • Igor Bondarenko

    Igor Bondarenko - 2015-05-15
    • status: in-progress --> review
     
  • Dave Brondsema

    Dave Brondsema - 2015-05-18
    • labels: allura-api, 42cc --> allura-api, 42cc, sf-current, sf-2
     
  • Dave Brondsema

    Dave Brondsema - 2015-05-29

    Very nice. Just two ways it could be better. One is getting docs ready for https://sourceforge.net/p/forge/documentation/Allura%20API/. Probably don't need to list it on every endpoint, but could mention it once in a general section (once [#6797] is done it could be a "trait").

    Also the tests are fairly repetitive. It's not necessarily wrong so I'm not saying you have to change this now, but at least in the future consider refactoring for some shared helpers (mixins maybe, like you did for the api functionality itself). Test code is code too, and deserves refactoring.

     

    Related

    Tickets: #6797

  • Dave Brondsema

    Dave Brondsema - 2015-05-29
    • status: review --> in-progress
    • Reviewer: Dave Brondsema
     
  • Igor Bondarenko

    Igor Bondarenko - 2015-06-01

    I did write the documentation for this, but forgot to post it :)

    Here it is:

    Permissions
    
    This is API to run permission checks. It is available on a neighborhood, project and tool level.
    
    Endpoints: 
    
    - Neighborhood: `/rest/p/has_access`
    - Project: `/rest/p/project_name/has_access`
    - Tool: `/rest/p/project_name/mount_point/has_access`
    
    It is only available to users that have 'admin' permission for corresponding neighborhood/project/tool.  It requires `user` and `perm` parameters and will return JSON dict with `result` key, which contains boolean value, indicating if given `user` has `perm` permission to the neighborhood/project/tool.
    
    E.g.:
    
    - `GET /rest/p/test/wiki/has_access?user=admin1&perm=create`
        - returns `{ result: true }`
    - `GET /rest/p/test/wiki/has_access?user=user01&perm=create`
        - returns `{ result: false }`
    

     

    I agree that test are repetitive, I'll try to refactor this kind of stuff in the future. If you ok with these tests as it is you can close the ticket.

     
  • Igor Bondarenko

    Igor Bondarenko - 2015-06-01
    • status: in-progress --> review
     
  • Dave Brondsema

    Dave Brondsema - 2015-06-01
    • status: review --> closed
     
  • Dave Brondsema

    Dave Brondsema - 2015-06-01
    • labels: allura-api, 42cc, sf-current, sf-2 --> allura-api, 42cc, sf-2
     
  • Igor Bondarenko

    Igor Bondarenko - 2015-06-18
    • Milestone: unreleased --> asf_release_1.3.0
     

Log in to post a comment.