Open AndrewMagliozzi opened 10 years ago
USDE school list is uploaded by Robot/System role. Objects belonging to Robot/System role are only CRUD for Robot/System role. Admins will have Robot/System role.
CRUD implies RBAC.
This ticket should include Role Based Access Controls as part of the design considerations.
On Thu, Jan 2, 2014 at 10:53 PM, Andrew Magliozzi notifications@github.com wrote:
Expose our GET, POST, PUT, and DELETE methods to the world.
(DELETE is only possible for files an agent has uploaded herself)
Courses && Notes
Gotcha: How to deal with USDE school list?
Write documentation first, then build the API to spec.
Btw, Anonymous or Unauthenticated is a common default role for those users who have not signed on (a bit of a special case). As long as we keep that in mind, we can build an RBAC system while still allowing anonymous participation.
On Thu, Jan 2, 2014 at 11:55 PM, Bryan btbonval@gmail.com wrote:
USDE school list is uploaded by Robot/System role. Objects belonging to Robot/System role are only CRUD for Robot/System role. Admins will have Robot/System role.
CRUD implies RBAC.
This ticket should include Role Based Access Controls as part of the design considerations.
We will need API keys for this to prevent spammers directly modifying our database via API.
We will also want to be some kind of authentication provider. Possibly through OpenID.
That way a client using the API can make requests "on behalf of" a user who has authenticated against Karmanotes. Otherwise the API is representing only itself as a server, which doesn't work well to provide services to users.
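The access rules discussed in this thread, sketched as a deny-by-default check (an added example, not code from the karmaworld project). The role names, the `Agent` and `Resource` types, open GET/POST on non-system objects, and the uploader-only rule for PUT are assumptions; the system-role and DELETE rules follow the comments above.

```python
from dataclasses import dataclass
from typing import Optional

ANONYMOUS, USER, SYSTEM = "anonymous", "user", "robot/system"
METHODS = {"GET", "POST", "PUT", "DELETE"}


@dataclass(frozen=True)
class Agent:
    name: Optional[str] = None                 # None: not signed in
    roles: frozenset = frozenset({ANONYMOUS})  # default role for unauthenticated users


@dataclass(frozen=True)
class Resource:
    kind: str              # "school", "course" or "note"
    owner: Optional[str]   # uploader's name; None for anonymous uploads (assumption)
    owner_role: str        # role the object belongs to


def is_allowed(agent: Agent, method: str, resource: Resource) -> bool:
    """Decide whether `agent` may perform HTTP `method` on `resource`."""
    method = method.upper()
    if method not in METHODS:
        return False  # anything outside the four exposed methods is denied
    if resource.owner_role == SYSTEM:
        # Objects belonging to Robot/System (e.g. the USDE school list):
        # read literally, every CRUD operation needs that role.
        return SYSTEM in agent.roles
    if method in {"GET", "POST"}:
        return True  # assumption: open to all, including anonymous agents
    # DELETE (per the issue) and PUT (assumption): only the uploader herself.
    return agent.name is not None and agent.name == resource.owner


# Constructed sample agents and objects
anon = Agent()
alice = Agent("alice", frozenset({USER}))
bob = Agent("bob", frozenset({USER}))
admin = Agent("admin", frozenset({USER, SYSTEM}))  # admins hold Robot/System
school = Resource("school", "usde-import", SYSTEM)
note = Resource("note", "alice", USER)
anon_note = Resource("note", None, ANONYMOUS)


def allowed_methods(agent: Agent, resource: Resource) -> list:
    """Sorted list of methods the agent may use on the resource."""
    return sorted(m for m in METHODS if is_allowed(agent, m, resource))
```

An anonymous upload has no owner, so under these assumptions nobody can delete it through the API; that gap is the kind of case the documentation-first spec would need to settle.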