Closed voogt closed 6 months ago
access via the API is a requirement so there must still be a way to get a key - think about and propose a solution here and discuss with client too before implementing
Hi @gubuntu I'm referring to this bit here If you generate an api key on your profile you are free to upload files and bypass any restrictions using ckan's api. If I remove this bit from the profile users are still able to upload resources to datasets but they cant use ckan's api as described in this documentation https://docs.ckan.org/en/2.9/maintaining/filestore.html#filestore-api
@gubuntu what was the original requirement for use of the API key?
RF24 and 29 https://github.com/kartoza/ckanext-dalrrd-emc-dcpr/wiki/Functional-Requirements and see the requirements and design docs for more details.
So I think only users with insert and update permissions in the first place should be able to generate and use a key
Update Filestorage API security
file check is added for the following types to not allow upload: