VOLTTRON / volttron

VOLTTRON Distributed Control System Platform
https://volttron.readthedocs.io/

document rest api group #2862

Open craig8 opened 2 years ago

craig8 commented 2 years ago

https://volttron.readthedocs.io/en/develop/platform-features/web-api/authentication-endpoints.html documents the authentication endpoint.

However, how to add a group to a user is undocumented. Also, vui group is hidden in the bowels of the code.

I am wondering if we should have an ACL editor or something with volttron. Thoughts @jhaack, @shwethanidd @schandrika ???

@davidraker Can you take care of this documentation?

davidraker commented 2 years ago

I can document it.

I've been thinking about this for a while, though, and I really think this needs some type of system to be implemented. Really, there ought to be more fine-grained permissions than just having full access to the API. For instance, we might want a user to be able to use endpoints for devices or history but not to make configuration changes. I haven't implemented anything like that in the API because, while it would be trivial to check more specific claims, it would get cumbersome really quickly if you need to manually add all the groups to the web-users.json file for each user. There should definitely be a config system for adding users and permissions for them. It needn't be specific to the API, either. It might usefully apply to OS users as well.

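The endpoint-scoped claim check discussed in the comment above, sketched as an added example; it is not part of the thread and not VOLTTRON code. The group names, route patterns and user entries are hypothetical and constructed for illustration, not the project's actual `web-users.json` schema.

```python
import re

# Hypothetical policy: group name -> list of (allowed HTTP methods, path regex).
# Group names and route patterns are constructed for illustration; they are
# not VOLTTRON's actual groups or a documented schema.
POLICY = {
    "vui_devices_read": [({"GET"}, r"^/vui/platforms/[^/]+/devices(/.*)?$")],
    "vui_history_read": [({"GET"}, r"^/vui/platforms/[^/]+/historians(/.*)?$")],
    "vui_config_admin": [
        ({"GET", "PUT", "POST", "DELETE"},
         r"^/vui/platforms/[^/]+/agents/[^/]+/configs(/.*)?$"),
    ],
}

# Constructed sample of per-user group assignments, the kind of list the
# comment says becomes cumbersome to maintain by hand for each user.
USERS = {
    "operator": {"groups": ["vui_devices_read", "vui_history_read"]},
    "engineer": {"groups": ["vui_devices_read", "vui_config_admin"]},
    "typo_user": {"groups": ["vui_device_read"]},  # misspelled group name
}


def is_allowed(groups, method, path):
    """Default deny: allow only if some group grants this method on this path."""
    if ".." in path.split("/"):
        return False  # refuse traversal segments rather than normalising them
    for group in groups:
        for methods, pattern in POLICY.get(group, []):
            if method.upper() in methods and re.fullmatch(pattern, path):
                return True
    return False


def unknown_groups(users):
    """Report group names that no policy rule defines (they grant nothing)."""
    return {
        name: sorted(g for g in entry["groups"] if g not in POLICY)
        for name, entry in users.items()
        if any(g not in POLICY for g in entry["groups"])
    }
```

Running `unknown_groups` over the user file at load time surfaces misspelled group names, which otherwise fail closed without any signal to the administrator.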

craig8 commented 2 years ago

I totally agree that there is that need. And it is general enough of a use case that we can probably justify it with @jhaack.

Let's create an issue for this as something other than this task and we will discuss it as a team on Monday.