The current structure of the `ResourceRouter` and its related methods raises concerns regarding resource editing permissions, particularly in the context of PUT requests. Users may edit a resource without possessing sufficient privileges to access sensitive information.
The solution involves restructuring the code to ensure that users can only modify their own resources. This requires Keycloak linkage to the metadata catalogue DB, which is introduced in another issue, #306.
_Originally from discussion in https://github.com/aiondemand/AIOD-rest-api/pull/298#discussion_r1576024607_