Access Control API
Soumya Brahma edited this page Feb 6, 2016 · 2 revisions
A Research Object has exactly one author (its creator), and that is the starting point. A Research Object can also have many contributors, or be entirely private, read-only, and so on. What applies depends on the mode the creator sets for the Research Object and on the permissions the creator grants.

The modes are:
- PRIVATE - private mode makes the Research Object invisible to everyone who does not hold a specific permission. Access to a private RO is given through permission links: the author of the RO generates a permission link for a particular user to let that user read or edit it.
- PUBLIC - public is the default mode. It makes the Research Object visible and readable to everyone; only people with a contributor role can edit it.
- OPEN - open mode makes the Research Object visible, readable and editable by everyone.
The roles are:
- OWNER - can change the Research Object's mode, grant permissions, delete the Research Object, and edit it.
- EDITOR - can read and edit (upload new resources to the Research Object and edit those already in it).
- READER - can read (search the Research Object and its annotations, and download the Research Object or any particular resource aggregated in it).
For simplicity, in the first implementation permissions can be applied only to whole Research Objects. The implementation and the API should be easy to extend to other containers (folders) or even to single resources if that is needed. In general, under this concept anything that has its own URI can be protected by an access control policy.
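The mode/role rules above, carried through as an added worked example (this is not code from the original wiki page or from the project): a decision function that answers "may this caller read, edit or manage this RO?" An anonymous caller is represented as `None`; a permission link is modelled as a token bound to one user and one role, as the page describes; the `Mode`, `Role`, `Action` and `ResearchObject` names are assumptions of this example.

```python
"""Added example (not the project's own code): a decision function for the
mode/role model above.  Assumptions: an anonymous caller is represented as
None; a permission link is a token bound to one user and one role, as the
page describes; the enum and class names are mine."""
import hmac
from dataclasses import dataclass, field
from enum import Enum


class Mode(Enum):
    PRIVATE = "PRIVATE"  # invisible unless a permission or permission link applies
    PUBLIC = "PUBLIC"    # default: readable by everyone, editable by contributors
    OPEN = "OPEN"        # readable and editable by everyone


class Role(Enum):
    READER = 1
    EDITOR = 2
    OWNER = 3            # higher value = superset of the lower roles


class Action(Enum):
    READ = "read"
    EDIT = "edit"
    MANAGE = "manage"    # change mode, grant permissions, delete the RO


@dataclass
class ResearchObject:
    uri: str
    owner: str
    mode: Mode = Mode.PUBLIC
    permissions: dict = field(default_factory=dict)       # user uri -> Role
    permission_links: dict = field(default_factory=dict)  # link token -> (user uri, Role)


def effective_role(ro, user, link_token=None):
    """Strongest role `user` holds on `ro`, or None when nothing was granted."""
    if user is not None and user == ro.owner:
        return Role.OWNER
    role = ro.permissions.get(user) if user is not None else None
    if link_token is not None and user is not None:
        for token, (link_user, link_role) in ro.permission_links.items():
            # constant-time compare; the link only counts for the user it was issued to
            if hmac.compare_digest(token.encode(), link_token.encode()) and link_user == user:
                if role is None or link_role.value > role.value:
                    role = link_role
    return role


def is_allowed(ro, user, action, link_token=None):
    """Authorization decision for the mode/role matrix described on this page."""
    role = effective_role(ro, user, link_token)
    if action is Action.MANAGE:
        return role is Role.OWNER                  # only the creator, in every mode
    if action is Action.EDIT:
        if ro.mode is Mode.OPEN:
            return True                            # OPEN: everyone may edit
        return role is not None and role.value >= Role.EDITOR.value
    if action is Action.READ:
        if ro.mode in (Mode.PUBLIC, Mode.OPEN):
            return True                            # PUBLIC/OPEN: everyone may read
        return role is not None                    # PRIVATE: any explicit grant suffices
    raise ValueError(f"unknown action {action!r}")


if __name__ == "__main__":
    # constructed sample data, reusing the URIs that appear on this page
    ro = ResearchObject("http://example.com/ROs/ro-id/", owner="http://myopenid.owner", mode=Mode.PRIVATE)
    ro.permissions["http://myopenid.wf4ever-reader"] = Role.READER
    ro.permission_links["asdasd-43w24-fds"] = ("http://myopenid.wf4ever-contributor", Role.EDITOR)
    print(is_allowed(ro, "http://myopenid.wf4ever-reader", Action.EDIT))
    print(is_allowed(ro, "http://myopenid.wf4ever-contributor", Action.EDIT, "asdasd-43w24-fds"))
```

The two points worth checking in any real implementation are visible in the tests below: MANAGE never follows from mode, only from ownership, and a permission link presented by a user other than the one it was issued to grants nothing.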
Grant a role on a Research Object (the caller must be its OWNER):

```
C: POST http://example.com/accesscontrol/permissions/ HTTP/1.1
C: Content-Type: application/json
C: Authorization: Bearer 47d5423c-b507-4e1c-7
C:
C: {
C:   "ro": "http://example.com/ROs/ro-id/",
C:   "user": "http://myopenid.wf4ever-contributor",
C:   "role": "EDITOR"
C: }

S: HTTP/1.1 201 Created
S: Content-Type: application/json
S: Location: http://example.com/ROs/permissions/1
S:
S: {
S:   "uri": "http://example.com/accesscontrol/permissions/1/",
S:   "ro": "http://example.com/ROs/ro-id/",
S:   "user": "http://myopenid.wf4ever-contributor",
S:   "role": "EDITOR"
S: }
```
Revoke a permission:

```
C: DELETE /accesscontrol/permissions/1/ HTTP/1.1
C: Host: example.com
C: Authorization: Bearer h480djs93hd8

S: HTTP/1.1 204 No Content
```
Retrieve a single permission:

```
C: GET /accesscontrol/permissions/1/ HTTP/1.1
C: Host: example.com
C: Accept: application/json
C: Authorization: Bearer h480djs93hd8

S: HTTP/1.1 200 OK
S: Content-Type: application/json
S:
S: {
S:   "uri": "http://example.com/accesscontrol/permissions/1/",
S:   "ro": "http://example.com/ROs/ro-id/",
S:   "user": "http://myopenid.wf4ever-reader",
S:   "role": "READER"
S: }
```

List all permissions granted on a Research Object:

```
C: GET /accesscontrol/permissions?ro=http://example.com/ROs/ro-id HTTP/1.1
C: Host: example.com
C: Accept: application/json
C: Authorization: Bearer h480djs93hd8

S: HTTP/1.1 200 OK
S: Content-Type: application/json
S:
S: [
S:   {
S:     "uri": "http://example.com/accesscontrol/permissions/1/",
S:     "ro": "http://example.com/ROs/ro-id/",
S:     "user": "http://myopenid.wf4ever-contributor",
S:     "role": "EDITOR"
S:   },
S:   {
S:     "uri": "http://example.com/accesscontrol/permissions/2/",
S:     "ro": "http://example.com/ROs/ro-id/",
S:     "user": "http://myopenid.wf4ever-reader",
S:     "role": "READER"
S:   }
S: ]
```
Set the mode of a Research Object (OWNER only):

```
C: POST http://example.com/accesscontrol/modes/ HTTP/1.1
C: Content-Type: application/json
C: Authorization: Bearer 47d5423c-b507-4e1c-7
C:
C: {
C:   "ro": "http://example.com/ROs/ro-id/",
C:   "mode": "PUBLIC"
C: }

S: HTTP/1.1 201 Created
S: Content-Type: application/json
S: Location: http://example.com/ROs/modes/1
S:
S: {
S:   "uri": "http://example.com/accesscontrol/modes/1/",
S:   "ro": "http://example.com/ROs/ro-id/",
S:   "mode": "PUBLIC"
S: }
```
Retrieve a mode resource by its id:

```
C: GET /accesscontrol/modes/1/ HTTP/1.1
C: Host: example.com
C: Accept: application/json
C: Authorization: Bearer h480djs93hd8

S: HTTP/1.1 200 OK
S: Content-Type: application/json
S:
S: {
S:   "uri": "http://example.com/accesscontrol/modes/1/",
S:   "ro": "http://example.com/ROs/ro-id/",
S:   "mode": "PUBLIC"
S: }
```

Look up the mode of a given Research Object:

```
C: GET /accesscontrol/modes?ro=http://example.com/ROs/ro-id HTTP/1.1
C: Host: example.com
C: Accept: application/json
C: Authorization: Bearer h480djs93hd8

S: HTTP/1.1 200 OK
S: Content-Type: application/json
S:
S: {
S:   "uri": "http://example.com/accesscontrol/modes/1/",
S:   "ro": "http://example.com/ROs/ro-id/",
S:   "mode": "PUBLIC"
S: }
```
Create a permission link for a particular user (OWNER only). The response carries the generated link, which is what the owner hands to that user:

```
C: POST http://example.com/accesscontrol/permissionlinks/ HTTP/1.1
C: Content-Type: application/json
C: Authorization: Bearer 47d5423c-b507-4e1c-7
C:
C: {
C:   "ro": "http://example.com/ROs/ro-id/",
C:   "user": "http://myopenid.wf4ever-contributor",
C:   "role": "EDITOR"
C: }

S: HTTP/1.1 201 Created
S: Content-Type: application/json
S: Location: http://example.com/ROs/permissionlinks/1
S:
S: {
S:   "uri": "http://example.com/accesscontrol/permissionlinks/1/",
S:   "ro": "http://example.com/ROs/ro-id/",
S:   "user": "http://myopenid.wf4ever-contributor",
S:   "role": "EDITOR",
S:   "permissionlink": "http://example.com/ROs/asdasd-43w24-fds/"
S: }
```
Revoke a permission link:

```
C: DELETE /accesscontrol/permissionlinks/1/ HTTP/1.1
C: Host: example.com
C: Authorization: Bearer h480djs93hd8

S: HTTP/1.1 204 No Content
```
Retrieve a single permission link:

```
C: GET /accesscontrol/permissionlinks/1/ HTTP/1.1
C: Host: example.com
C: Accept: application/json
C: Authorization: Bearer h480djs93hd8

S: HTTP/1.1 200 OK
S: Content-Type: application/json
S:
S: {
S:   "uri": "http://example.com/accesscontrol/permissionlinks/1/",
S:   "ro": "http://example.com/ROs/ro-id/",
S:   "user": "http://myopenid.wf4ever-reader",
S:   "role": "READER",
S:   "permissionlink": "http://example.com/ROs/asdasd-43w24-fds/"
S: }
```

List all permission links issued for a Research Object:

```
C: GET /accesscontrol/permissionlinks?ro=http://example.com/ROs/ro-id HTTP/1.1
C: Host: example.com
C: Accept: application/json
C: Authorization: Bearer h480djs93hd8

S: HTTP/1.1 200 OK
S: Content-Type: application/json
S:
S: [
S:   {
S:     "uri": "http://example.com/accesscontrol/permissionlinks/1/",
S:     "ro": "http://example.com/ROs/ro-id/",
S:     "user": "http://myopenid.wf4ever-contributor",
S:     "role": "EDITOR",
S:     "permissionlink": "http://example.com/ROs/asdasd-43w24-fds/"
S:   },
S:   {
S:     "uri": "http://example.com/accesscontrol/permissionlinks/2/",
S:     "ro": "http://example.com/ROs/ro-id/",
S:     "user": "http://myopenid.wf4ever-reader",
S:     "role": "READER",
S:     "permissionlink": "http://example.com/ROs/asdasd-43w24-fds/"
S:   }
S: ]
```
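The permission and permission-link exchanges above, modelled server-side as an added example (not code from the original wiki page or from the project). It shows the checks those exchanges depend on but do not spell out: only the RO's OWNER may grant, list or revoke; only EDITOR and READER can be granted, since OWNER is the creator; and a permission link is an unguessable random token bound to one RO, one user and one role, so a link presented by anyone else resolves to nothing. The `AccessControlService` class, its method names, the status-code tuples it returns and the `RO_BASE` prefix for generated links (taken from the page's example link) are all assumptions of this example.

```python
"""Added example (not the project's own code): an in-memory model of the
permission and permission-link resources behind the exchanges above.
Class and method names are mine; RO_BASE follows the page's example URIs."""
import hmac
import secrets
from dataclasses import dataclass, field

GRANTABLE_ROLES = {"EDITOR", "READER"}   # OWNER is the creator, never granted via the API
RO_BASE = "http://example.com/ROs/"      # assumed prefix for generated permission links


@dataclass
class AccessControlService:
    base: str = "http://example.com/accesscontrol"
    owners: dict = field(default_factory=dict)       # ro uri -> owner uri
    permissions: dict = field(default_factory=dict)  # permission uri -> record
    links: dict = field(default_factory=dict)        # permissionlink uri -> record
    counters: dict = field(default_factory=dict)     # collection name -> last id

    def _next_uri(self, collection):
        self.counters[collection] = self.counters.get(collection, 0) + 1
        return f"{self.base}/{collection}/{self.counters[collection]}/"

    def _owner_error(self, caller, ro):
        """(status, body) if `caller` may not manage `ro`, else None."""
        owner = self.owners.get(ro)
        if owner is None:
            return 404, {"error": "unknown research object"}
        if caller != owner:
            return 403, {"error": "only the RO owner may manage access"}
        return None

    def _validate_grant(self, caller, body):
        # body is the parsed JSON of a POST to /permissions/ or /permissionlinks/
        if not body.get("ro") or not body.get("user") or body.get("role") not in GRANTABLE_ROLES:
            return 400, {"error": "ro, user and a grantable role are required"}
        return self._owner_error(caller, body["ro"])

    def _delete(self, store, caller, uri):
        record = store.get(uri)
        if record is None:
            return 404, {"error": "no such resource"}
        err = self._owner_error(caller, record["ro"])
        if err:
            return err
        del store[uri]
        return 204, None

    # POST /accesscontrol/permissions/
    def create_permission(self, caller, body):
        err = self._validate_grant(caller, body)
        if err:
            return err
        record = {"uri": self._next_uri("permissions"), "ro": body["ro"],
                  "user": body["user"], "role": body["role"]}
        self.permissions[record["uri"]] = record
        return 201, record

    # DELETE /accesscontrol/permissions/<id>/
    def delete_permission(self, caller, uri):
        return self._delete(self.permissions, caller, uri)

    # GET /accesscontrol/permissions?ro=<ro>
    def list_permissions(self, caller, ro):
        err = self._owner_error(caller, ro)
        if err:
            return err
        return 200, [r for r in self.permissions.values() if r["ro"] == ro]

    # POST /accesscontrol/permissionlinks/
    def create_permission_link(self, caller, body):
        err = self._validate_grant(caller, body)
        if err:
            return err
        token = secrets.token_urlsafe(32)   # 256 random bits from the OS CSPRNG
        record = {"uri": self._next_uri("permissionlinks"), "ro": body["ro"],
                  "user": body["user"], "role": body["role"],
                  "permissionlink": f"{RO_BASE}{token}/"}
        self.links[record["uri"]] = record
        return 201, record

    # DELETE /accesscontrol/permissionlinks/<id>/
    def delete_permission_link(self, caller, uri):
        return self._delete(self.links, caller, uri)

    def resolve_link(self, user, link):
        """(ro, role) the presented link grants to `user`, or None if the link is
        unknown, revoked, or was issued to a different user."""
        for record in self.links.values():
            if (hmac.compare_digest(record["permissionlink"].encode(), link.encode())
                    and record["user"] == user):
                return record["ro"], record["role"]
        return None
```

Deleting the permission-link resource is what revokes the link: after `delete_permission_link`, `resolve_link` returns None for the same token, which is the property the DELETE exchange above exists to provide.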