Idea #10511
Updated by Peter Amstutz about 6 years ago
If not provided by client during "create", set to current user's uuid. If a non-admin user specifies a value other than its own uuid during "create" or "update", fail 403. Consider how permission links could be used to give a user the ability to issue container requests as another user. Containers which are created in response to this container request must issue the auth token for the user @run_as_user_uuid@ (this changes the current behavior using @last_modified_by_uuid@). Related, we determine which user will run a container based on container requests, however we don't store that user in the container record. It can be determined indirectly by looking at the auth_uuid, but only by admin users.