Public project URL available for other users

[TomasKulhanek]

Need to decide/design API when user generates URL of project and send it to somebody else. Somebody else currently can't view the project - as URL doesn't return the project and datasets available. Frontend currently shows the projects owned by user - not by others.

Proposal: Option 1)

• Frontend will recognize that the URL doesn't link to any of his projects, so subsequent call to backend REST API is made with projectID to get details - it is returned even the user doesn't have permission on it

Option 2)

• we need to add some attribute that the project is e.g. available for anybody with link
• Frontend will recognize that the URL doesn't link to any of his projects, so subsequent call to backend REST API is made with projectID to get details - it is returned only if previous is true for the project (set by owner)
• we may log who access this project/datasets

[andreagia]

Proposal:

we need to add some attribute that the project is e.g. available for anybody with link Frontend will recognize that the URL doesn't link to any of his projects, so subsequent call to backend REST API is made with projectID to get details - it is returned only if 1) is true (set by user) we may log who access this project/datasets

I can simply add an attribute ‘shareable' to the project and an hash of 5 character like bitly and a service like /sharedProject/Eddf5 to access it, for the login we can use social network login in order to take trace of the access

Andrea

On 11 Jan 2018, at 11:56, Tomas Kulhanek notifications@github.com wrote:

Assigned #14 https://github.com/h2020-westlife-eu/wp6-repository/issues/14 to @andreagia https://github.com/andreagia.

— You are receiving this because you were assigned. Reply to this email directly, view it on GitHub https://github.com/h2020-westlife-eu/wp6-repository/issues/14#event-1419525052, or mute the thread https://github.com/notifications/unsubscribe-auth/AMaWiQeacNk9Qm0Iji516-Knix6ftgJvks5tJejPgaJpZM4RaqcK.

[TomasKulhanek]

• [ ] @andreagia backend authorization. Do you have some support for authorizing requests in Spring framework? Can you do that on /project/[id]? and /dataset/[id]

• [ ] @tomaskulhanek frontend, allow share project/dataset to all/selected users/nobody need to define authorization for projects and datasets to allow access to 1) all 2) selected users/groups 3) nobody

[andreagia]

Using spring ACL I will try to secure these methods

On 16 Feb 2018, at 14:46, Tomas Kulhanek notifications@github.com wrote:

Do you have some support for authorizing requests in Spring framework? Can you do that on /project/[id]? and /dataset/[id]

After that frontend need to define authorization for projects and datasets to allow access to 1) all 2) selected users/groups 3) nobody

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/h2020-westlife-eu/wp6-repository/issues/14#issuecomment-366239146, or mute the thread https://github.com/notifications/unsubscribe-auth/AMaWieQ2m_U_ZruDeOBITXWLLVbRhsDSks5tVYbOgaJpZM4RaqcK.

[TomasKulhanek]

ACL on these methods - OK.

• [ ] These methods are not ready yet on backend.
• [ ] need instruction on how the authorization can be managed by frontend. ACL on /project /dataset - we may include projects and datasets which the user has access.