Security levels for REST API methods #22

Open
osma opened this issue Oct 5, 2017 · 1 comment
osma commented Oct 5, 2017

The CLI commands can be run by any user with read access to the configuration file.
But the REST API should have more protection. The levels could be something like this:

  1. Superuser: can do anything
  2. Project configuration: can administer (e.g. using PUT) a specific existing project
  3. Subject administration: can administer the subjects of a specific project
  4. Learning: can perform learning operations on existing subjects of a specific project
  5. Analysis: can perform document analysis, evaluation etc. - read only, no need for protection

How to implement this is left open for now. The Connexion toolkit seems to support OAuth2 access control, which might be used here in some way.

@osma osma added this to the Long term milestone Oct 5, 2017
@osma osma modified the milestones: Long term, Blue Sky Mar 13, 2018
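The five levels listed above, written as a deny-by-default authorization check. This is an added example, not part of the issue or the project's code; the route paths, the claim names (`superuser`, `grants`) and the rule that a higher level includes the lower ones are assumptions, and the claims are assumed to come from an already verified token (for instance OAuth2, as the issue suggests).

```python
from enum import IntEnum


class Level(IntEnum):
    # Assumption: a higher level also carries the rights of the lower ones.
    ANALYSIS = 0   # read only, unprotected
    LEARNING = 1
    SUBJECTS = 2
    PROJECT = 3
    SUPERUSER = 4


# Hypothetical route table: (method, path template) -> minimum level.
ROUTES = {
    ("POST", "/projects/{project}/analyze"): Level.ANALYSIS,
    ("POST", "/projects/{project}/learn"): Level.LEARNING,
    ("PUT", "/projects/{project}/subjects/{subject}"): Level.SUBJECTS,
    ("PUT", "/projects/{project}"): Level.PROJECT,
    ("POST", "/projects"): Level.SUPERUSER,  # not scoped to an existing project
}


def match(template, path):
    """Return the captured path parameters, or None if the path does not match."""
    t_parts, p_parts = template.strip("/").split("/"), path.strip("/").split("/")
    if len(t_parts) != len(p_parts):
        return None
    params = {}
    for t, p in zip(t_parts, p_parts):
        if t.startswith("{"):
            if not p:          # an empty segment never fills a parameter
                return None
            params[t[1:-1]] = p
        elif t != p:
            return None
    return params


def authorize(claims, method, path):
    """Decide a request from verified token claims; unlisted routes are denied."""
    for (m, template), required in ROUTES.items():
        params = match(template, path) if m == method else None
        if params is None:
            continue
        if required == Level.ANALYSIS or claims.get("superuser") is True:
            return True
        # Grants are per project: a level on one project gives nothing on another.
        name = claims.get("grants", {}).get(params.get("project"))
        granted = Level.__members__.get(name)   # unknown level names grant nothing
        return granted is not None and granted >= required
    return False
```
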

kinow commented Feb 1, 2019

And once that's implemented in the backend, for the frontend there are libraries like Kindergarten, CASL, that support authorization through permissions/groups.
