•  
     
    story #13669 permission delegation for a read-only site admin (REST)
Summary
Empty
permission delegation for a read-only site admin (REST)
Empty

Overview

In order to do proper indexing with an external engine (like datafari) the API should be crawled by a user with access to all data. However there is no need for this user to modify data.

So we introduce a new top delegated permission "REST Read-only site administrator".

Users with this permission will have the right to read all resources of the platform (basically all GET/OPTIONS) but will have their regular rights for write/update routes (PATCH/POST/PUT/DELETE/...).

This permission only apply to REST resources, the user with "REST Read-only site administrator" permission won't have access to site admin web ui (even in read).

Empty
Empty
Status
Done
Development
  • [ ] Does it involves User Interface? 
  • [ ] Are there any mockups?
  • [ ] Are permissions checked?
  • [ ] Does it need Javascript development?
  • [ ] Does it need a forge upgrade bucket?
  • [ ] Does it need to execute things in system events?
  • [ ] Does it impact project creation (templates)?
  • [ ] Is it exploratory?
Empty
Details
#13669
Manuel Vacelet (vaceletm)
2019-09-17 16:15
2019-07-24 17:30
14572

References
Referencing story #13669

Git commit

tuleap/tuleap/stable

Follow-ups