Actions
Task #3475
closedIdea #3532: [Keep] Keepstore queries API server to verify tokens
Consult API server for user's admin status and scopes.
Status:
Closed
Priority:
Normal
Assigned To:
-
Target version:
-
Description
To determine whether a user is authorized to delete blocks, Keep must ask the API server for their user record and for their api_client_authorization,
Method IsAdmin(api_token): return true if the api_token is associated with a user whose is_admin field is true.
Method HasUnlimitedScope(api_token): return true if the api_client_authorization record for this api_token includes the string "all" in its "scopes" field.
Actions