Open TomasKulhanek opened 6 years ago
Proposal:
1) We need to add some attribute that the project is e.g. available for anybody with link.
2) Frontend will recognize that the URL doesn't link to any of his projects, so subsequent call to backend REST API is made with projectID to get details - it is returned only if 1) is true (set by user).
3) We may log who accesses this project/datasets.
I can simply add an attribute 'shareable' to the project and a hash of 5 characters like bitly and a service like /sharedProject/Eddf5 to access it. For the login we can use social network login in order to keep a trace of the access.
Andrea
On 11 Jan 2018, at 11:56, Tomas Kulhanek notifications@github.com wrote:
Assigned #14 https://github.com/h2020-westlife-eu/wp6-repository/issues/14 to @andreagia https://github.com/andreagia.
[ ] @andreagia backend authorization. Do you have some support for authorizing requests in Spring framework? Can you do that on /project/[id]? and /dataset/[id]
[ ] @tomaskulhanek frontend, allow share project/dataset to all/selected users/nobody. Need to define authorization for projects and datasets to allow access to 1) all 2) selected users/groups 3) nobody
Using Spring ACL I will try to secure these methods.
On 16 Feb 2018, at 14:46, Tomas Kulhanek notifications@github.com wrote:
Do you have some support for authorizing requests in Spring framework? Can you do that on /project/[id]? and /dataset/[id]
After that frontend needs to define authorization for projects and datasets to allow access to 1) all 2) selected users/groups 3) nobody
ACL on these methods - OK.
Need to decide/design API when user generates URL of project and sends it to somebody else. Somebody else currently can't view the project - as URL doesn't return the project and datasets available. Frontend currently shows the projects owned by user - not by others.
Proposal: Option 1)
Option 2)
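The sharing rules discussed in this thread (all / selected users / nobody, access by link, logging who accesses), as an added example that is not part of the thread or the wp6-repository code. All names are hypothetical; it assumes a login is required so that access can be traced, and it uses a 128-bit random token where the thread suggests a 5-character hash, because a link that grants access on its own has to be unguessable.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Set;

public class ShareDemo {  // hypothetical names; plain Java, no Spring classes
    enum Visibility { NOBODY, SELECTED, ANYONE_WITH_LINK }
    static final class Project {
        final String owner;
        Visibility visibility = Visibility.NOBODY;  // private unless the owner changes it
        Set<String> allowedUsers = Set.of();
        String shareToken;                          // null until link sharing is enabled
        Project(String owner) { this.owner = owner; }
        // 128 random bits from a CSPRNG, URL-safe Base64 without padding.
        String enableLinkSharing() {
            byte[] raw = new byte[16];
            new SecureRandom().nextBytes(raw);
            shareToken = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
            visibility = Visibility.ANYONE_WITH_LINK;
            return shareToken;
        }
    }

    // Read decision for one project; user is the authenticated login or null.
    static boolean canRead(Project p, String user, String presentedToken) {
        boolean allowed;
        if (user == null) allowed = false;          // assumption: anonymous access cannot be traced
        else if (user.equals(p.owner)) allowed = true;
        else if (p.visibility == Visibility.SELECTED) allowed = p.allowedUsers.contains(user);
        else if (p.visibility == Visibility.ANYONE_WITH_LINK)
            allowed = p.shareToken != null && presentedToken != null
                && MessageDigest.isEqual(p.shareToken.getBytes(StandardCharsets.UTF_8),
                                         presentedToken.getBytes(StandardCharsets.UTF_8));
        else allowed = false;
        System.out.printf("audit user=%s owner=%s allowed=%b%n", user, p.owner, allowed);
        return allowed;
    }

    public static void main(String[] args) {
        Project p = new Project("alice");           // constructed sample data
        canRead(p, "bob", "guess");                 // private project, non-owner
        String token = p.enableLinkSharing();
        canRead(p, "bob", token);                   // logged-in user with the link
        canRead(p, null, token);                    // link without a login
        p.visibility = Visibility.SELECTED;
        p.allowedUsers = Set.of("carol");
        canRead(p, "bob", token);                   // old link after switching to selected users
    }
}
```

The token comparison uses `MessageDigest.isEqual` so the check does not leak how many leading characters of a guessed token were correct.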