Task #2662

closed

Idea #1904: User can get a no-auth-required link to an Arvados object, i.e., turn on "anyone with the link can view" permission

Workbench can get an API token, good for reading only one object

Added by Brett Smith over 10 years ago. Updated over 10 years ago.

Status:
Resolved
Priority:
Normal
Assigned To:

Description

The API token will be "for" the current user, with very limited scope. The token should be persisted, so that the user can expire it later if desired.

TBD:
  • How much of this work happens in the API server, and how much in Workbench?
Actions #1

Updated by Brett Smith over 10 years ago

In #arvados we hashed out how we want scopes to work.

  • They take the form of VERB PATHSPEC, unless they're a special one like the current 'all'.
  • VERB is an HTTP verb.
  • PATHSPEC is matched against the path of the API request. If PATHSPEC ends with /, the request must start with PATHSPEC. Otherwise, the path must equal PATHSPEC.

Notes:

  • To grant multiple permissions to the same resource, make multiple scopes with the same PATHSPEC but different verbs.
  • To grant full read permission to a collection, including its index and all its contents, specify two scopes, GET /collections/hash and GET /collections/hash/.
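
The matching rules from this comment, written out as an added Ruby example (not code from the Arvados API server or from the branch mentioned below). The names `scope_allows?`, `token_allows?` and `READ_ONE` are hypothetical, and the sketch assumes verbs are compared exactly and that a malformed scope grants nothing.

```ruby
# Added example: scope check following the VERB PATHSPEC rules described above.
# scope_allows? and token_allows? are hypothetical names, not Arvados code.

# True if one scope string permits the request.
def scope_allows?(scope, verb, path)
  return true if scope == 'all' # the special scope named in the comment
  scope_verb, pathspec = scope.split(' ', 2)
  # Assumption: a scope with no PATHSPEC is malformed and grants nothing.
  return false if pathspec.nil? || pathspec.empty?
  return false unless scope_verb == verb

  if pathspec.end_with?('/')
    path.start_with?(pathspec) # trailing slash: everything under PATHSPEC
  else
    path == pathspec           # no trailing slash: exact match only
  end
end

# A token is allowed to make a request if any one of its scopes matches.
def token_allows?(scopes, verb, path)
  scopes.any? { |scope| scope_allows?(scope, verb, path) }
end

# Constructed sample: the two-scope read grant from the notes above
# ("hash" is the page's own placeholder for a collection identifier).
READ_ONE = ['GET /collections/hash', 'GET /collections/hash/'].freeze

# Constructed requests showing what the grant does and does not cover.
SAMPLE_REQUESTS = [
  ['GET',    '/collections/hash'],          # the collection itself: allowed
  ['GET',    '/collections/hash/file.txt'], # its contents: allowed
  ['GET',    '/collections/hash2'],         # sibling with a shared prefix: denied
  ['DELETE', '/collections/hash'],          # other verb: denied
  ['GET',    '/collections']                # parent listing: denied
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_REQUESTS.each do |verb, path|
    verdict = token_allows?(READ_ONE, verb, path) ? 'allow' : 'deny'
    puts format('%-6s %-28s %s', verb, path, verdict)
  end
end
```

The trailing-slash rule is what keeps `/collections/hash2` out of a grant for `/collections/hash`, and it is also why two scopes are needed for a full read. The sketch assumes the request path has already been normalized before matching.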
Actions #2

Updated by Brett Smith over 10 years ago

  • Status changed from New to In Progress
  • Start date set to 04/18/2014
  • Remaining (hours) changed from 8.0 to 4.0
Actions #3

Updated by Brett Smith over 10 years ago

  • Remaining (hours) changed from 4.0 to 1.0

The branch 1904-object-scopes-wip introduces general scopes to give API tokens limited permissions. Once it's merged, Workbench just has to be taught to make the right queries to get and make these specialized tokens. That teaching work is #2664.

Actions #4

Updated by Brett Smith over 10 years ago

  • Status changed from In Progress to Resolved
  • % Done changed from 0 to 100
  • Remaining (hours) changed from 1.0 to 0.0

Applied in changeset arvados|commit:03e570095885982d23e234bce8e1c068314b63af.
