Roundup Tracker - Issues

Message6638

Author rouilj
Recipients ezio.melotti, rouilj, schlatterbeck
Date 2019-09-15.00:12:45
Message-id <1568506366.16.0.680355286718.issue2551058@roundup.psfhosted.org>
In-reply-to
On IRC Ezio suggested using new permissions that could be added via the 
schema.

Cut/Paste:

(2019-09-13 18:12:40) Taggnostr4: rouilj, what about having different 
permissions for the rest api directly in schema.py?
(2019-09-13 18:13:37) Taggnostr4: something like "View-REST" "Edit-REST" and similar
(2019-09-13 18:15:06) Taggnostr4: for example, what if I want a 
specific bot to be able to access/edit/remove certain data?
(2019-09-13 18:15:40) Taggnostr4: I guess one way would be giving it a 
specific role and generic view/edit permissions and those should apply 
to the rest api too
(2019-09-13 18:18:07) Taggnostr4: there might be use cases where e.g. 
the user should be able to create issues through the web interface, but 
not through the rest api, but should be able to read both from both 
places
(2019-09-13 18:20:33) Taggnostr4: or we might want to prevent access to 
user emails through the rest api but allow it from the web interface
(2019-09-13 18:30:44) Taggnostr4: I'm going afk and fly back home 
tomorrow, but if you write Taggnostr will read once he gets back :)
(2019-09-13 18:31:08) Taggnostr4 left the room (quit: ).
(2019-09-13 19:52:27) rouilj: Taggnostr, so set up a new set of 
permissions like Web Access: Rest Access, XMLRPC Access?
(2019-09-13 19:58:37) rouilj: then you just add those to the User role, 
or create a new role. Yeah that may make more sense. Have to make sure 
Admin gets all the permissions, but that's doable.
(2019-09-13 20:00:38) rouilj: I wonder if that means we do away with 
the on/off config flags for rest and xmlrpc interfaces.... since there 
is no email on/off (or web on-off for that matter)


In this exchange, my response isn't quite enough, but I think Ezio 
could use it. For the user:

  set up a permission that includes rest access and edit rights for
    some fields. Assign this to a role can_change_status_via_rest.

I am not sure if this makes things more complex, e.g. you would need to 
duplicate read access rights from the web interface.
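
A toy model of the permission layout discussed in this message, added here as an example; it is not Roundup's security code and not from the tracker thread. The `Security` class and its methods are assumptions; the interface permission names and the `can_change_status_via_rest` role come from the message, and `issue`, `status` and `title` are constructed sample names.

```python
# Toy model of the proposal; this is not Roundup's security module.
from collections import defaultdict

INTERFACE_PERMISSION = {          # names taken from the IRC exchange
    "web": "Web Access",
    "rest": "Rest Access",
    "xmlrpc": "XMLRPC Access",
}

class Security:
    def __init__(self):
        self.grants = defaultdict(set)   # role -> {(permission, klass, prop)}

    def grant(self, role, permission, klass=None, prop=None):
        """klass=None: tracker-wide permission; prop=None: every property."""
        self.grants[role].add((permission, klass, prop))

    def _has(self, roles, permission, klass=None, prop=None):
        wanted = {(permission, klass, prop), (permission, klass, None)}
        return any(self.grants[role] & wanted for role in roles)

    def allowed(self, roles, interface, action, klass, prop=None):
        # Gate 1: may any of these roles use this interface at all?
        if not self._has(roles, INTERFACE_PERMISSION[interface]):
            return False
        # Gate 2: the ordinary class/property permission, shared by all interfaces.
        return self._has(roles, action, klass, prop)

def build_example():
    sec = Security()
    # Ordinary user (constructed sample): web only, generic rights on issues.
    sec.grant("User", "Web Access")
    for action in ("View", "Create", "Edit"):
        sec.grant("User", action, "issue")
    # Bot role named in the message: REST access plus edit rights on one field.
    sec.grant("can_change_status_via_rest", "Rest Access")
    sec.grant("can_change_status_via_rest", "Edit", "issue", "status")
    return sec

if __name__ == "__main__":
    sec = build_example()
    bot = ["can_change_status_via_rest"]
    print("bot edits status via REST:", sec.allowed(bot, "rest", "Edit", "issue", "status"))
    print("bot edits title via REST: ", sec.allowed(bot, "rest", "Edit", "issue", "title"))
    # The duplication concern: View was never granted to the bot's role.
    print("bot views status via REST:", sec.allowed(bot, "rest", "View", "issue", "status"))
    print("user creates via web, REST:", sec.allowed(["User"], "web", "Create", "issue"),
          sec.allowed(["User"], "rest", "Create", "issue"))
```

In this model the interface gate and the field rights are separate grants, so an account holding both `User` and `can_change_status_via_rest` could use every `User` right over REST. Binding the two into a single permission, as the message suggests, avoids that at the cost of repeating the read grants.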
History
Date                 User    Action  Args
2019-09-15 00:12:46  rouilj  set     messageid: <1568506366.16.0.680355286718.issue2551058@roundup.psfhosted.org>
2019-09-15 00:12:46  rouilj  set     recipients: + rouilj, schlatterbeck, ezio.melotti
2019-09-15 00:12:46  rouilj  link    issue2551058 messages
2019-09-15 00:12:45  rouilj  create