    story #13669 permission delegation for a read-only site admin (REST)

Overview

To do proper indexing with an external engine (such as Datafari), the API should be crawled by a user with access to all data. However, this user has no need to modify data.

So we introduce a new top delegated permission "REST Read-only site administrator".

Users with this permission will have the right to read all resources of the platform (basically all GET/OPTIONS) but will have their regular rights for write/update routes (PATCH/POST/PUT/DELETE/...).

This permission only applies to REST resources: a user with the "REST Read-only site administrator" permission won't have access to the site admin web UI (not even for reading).
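
The rule described in this overview, modelled as an added example (this is not Tuleap's code): read verbs are an allow-list, every other verb is decided by the user's regular rights, and the delegation never opens the site admin web UI. The `User` fields, the function names and the resource names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Verbs the story counts as reads ("basically all GET/OPTIONS"). This is an
# allow-list: any verb not named here is decided by the user's regular rights.
READ_METHODS = frozenset({"GET", "OPTIONS"})
ALL_METHODS = ("GET", "OPTIONS", "POST", "PUT", "PATCH", "DELETE")


@dataclass(frozen=True)
class User:
    name: str
    site_admin: bool = False
    rest_read_only_admin: bool = False  # the delegated permission (hypothetical field)
    readable: frozenset = frozenset()   # regular read rights, by resource name
    writable: frozenset = frozenset()   # regular write rights, by resource name


def rest_allowed(user: User, method: str, resource: str) -> bool:
    """Decide one REST request."""
    if user.site_admin:
        return True
    if method.upper() in READ_METHODS:
        return user.rest_read_only_admin or resource in user.readable
    # Write verbs and unknown verbs: the delegation grants nothing here.
    return resource in user.writable


def site_admin_ui_allowed(user: User) -> bool:
    """The delegation is REST-only, so only a real site admin gets the web UI."""
    return user.site_admin


def denied_requests(user: User, resources) -> list:
    """Every (method, resource) pair the user is refused, for review."""
    return [(m, r) for r in resources for m in ALL_METHODS
            if not rest_allowed(user, m, r)]


# Constructed sample data: a crawler account that is a member of one project.
RESOURCES = ("projects/101", "projects/102", "artifacts/7")
CRAWLER = User("indexer", rest_read_only_admin=True,
               readable=frozenset({"projects/101"}),
               writable=frozenset({"projects/101"}))

if __name__ == "__main__":
    for method, resource in denied_requests(CRAWLER, RESOURCES):
        print(f"DENY {method:7} {resource}")
    print("site admin UI:", site_admin_ui_allowed(CRAWLER))
```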

Status
Done
Development
  • [ ] Does it involve User Interface?
  • [ ] Are there any mockups?
  • [ ] Are permissions checked?
  • [ ] Does it need Javascript development?
  • [ ] Does it need a forge upgrade bucket?
  • [ ] Does it need to execute things in system events?
  • [ ] Does it impact project creation (templates)?
  • [ ] Is it exploratory?
Details
#13669
Manuel Vacelet (vaceletm)
2019-09-17 16:15
2019-07-24 17:30
14846

References
Referencing story #13669

Git commit

tuleap/tuleap/stable

Add REST read only tests for CustomMetadataTest 8503b484a8
add missing tests get /frs_packages/{id}/frs_release fbb0b61069
Docman REST tests should not use directly user ids 961a28b055
User with REST read only special permission can access all the content through the API 129af08c72
Initialize REST read only user with permission in REST testsuite 0d7bad80bb
Add REST read only tests for artfact_files and artifact_temporaray_files endpoints 96c51f2cab
Add REST read only tests for backlog_items/ d25607e0ac
Add REST read only tests for frs_files/ 3ceb6d5148
Add REST read only tests for artifacts/ 1d9527130e
Add REST read only tests for frs_packages/ 914075227d
Add REST read only tests for docman_embedded_files/ bfbeb9f3f6
Fix broken REST docman test 200ff5e4c2
Add REST read only tests for docman_files/ 6f13686f34
Add REST read only tests for frs_release/ f0f1a0dab4
Add REST read only tests for gerrit/ ed96b47e71
Add REST read only tests for docman_folders/ 374b17efee
Add REST read only tests for kanban/ b9dc7c89ea
Fix missing OPTION for kanban rest route 00939fe4f3
Correct REST test for OPTIONS /kanban for admin users 0cc9442a67
Add REST read only tests for git/ 4588d9f19c
Add REST read only tests for docman_items/ 80572ba721
Add REST read only tests for DocmanProjectService 56f91eee81
Add REST read only tests for docman_links/ f406108ee6
Add REST read only tests for docman_wikis/ e9840beeb6
Add REST read only tests for jwt/ 8d7fa74f2d
Add REST read only tests for kanban_columns/ 91beb2f6cf
Add REST read only tests for kanban_items/ 4290970fb6
Add REST read only tests for phpwiki/ 1171b099f9
Add REST read only tests for plannings/ 56bf85bddf
Add REST read only tests for svn/ 0f9e0a84de
Add REST read only tests for system_event/ 114c0a1d38
Add REST read only tests admin for docman empty documents. 22250bb634
Add REST read only tests for milestones/ af4d9af9df
Add REST read only tests for projects/ (1st part) 80c60fd0d8
Add REST read only tests for tracker_reports b7a7b10eb4
Add REST read only tests for pull_requests/ 41ea4bcfa7
Add REST read only tests for trackers/ 1031718024
Add REST read only tests for tracker_workflow_transition/ f2caa1cd45
Add REST read only tests for projects/ (big file) f8a63cff10
Add REST read only tests for user_memberships/ a7908506e3
Add REST read only tests for users/ 41594de959
Replace the RestUserManager to UserManager in the Timetracking plugin 2a3fae31ef
Add REST read only tests for user_groups/ c5e4c75e57
Replace the RestUserManager with UserManager in ServiceResource 5ff6cd4946
Replace the RestUserManager to UserManager in the TransitionResource.php from Tracker plugin 4ae7656ba0
Replace RestUserManager with UserManager in ChartMessageFetcher 2f7316e744
Replace the RestUserManager with UserManager in UserResources 1374d0d8e6
Add UI to select Rest read only administrator in permission delegation b5e7d4ad1f
Replace the RestUserManager with UserManager in Create Test Env Plugin e440b7ce67
Replace the RestUserManager with UserManager in Tracker 4a9ffc08ec
UI add warning that user should not use web application 72397e9ab1
Cache tracker structures to increase the speed of REST testsuite c495f12997
Put in a dedicated namespace the REST user read only admin rest tests from Artifacts 43b2a122e4
Add an error message when logging in with Read only administrator user 7b0465e2c5
Clean unused public const of DataBuilder 41e06ca499
add missing test POST id/git 6b7afa66ca
Add test for bot user for GET projects/id/frs_service 5fa893fd8c
Add tests for cross_tracker_report f7cdc6b079
add missing tests for DELETE kanban_column/id 9a2dc280a5
Add missing test PUT cards/id for BOT user 4e14830570
Cache TTM first campaing to increase the speed of REST testsuite 7321719c34
Add REST read only tests for ProjectTest 4d6681435c
Add REST read only tests for testmanagement_executions/ e4022aeb41
Add REST read only tests for testmanagement_definitions/ 32177f6f0d
Add REST read only tests for testmanagement_campaigns/ b35b71e338
Add tests for baseline 9fd31571df
Replace the RestUserManager with UserManager in REST context c5eccbdf00
