Ticket #358 (new enhancement) — at Version 7
Resources in REST API
Reported by: | dread | Owned by: | rgrp |
---|---|---|---|
Priority: | major | Milestone: | ckan-v1.5 |
Component: | ckan | Keywords: | |
Cc: | Repository: | ckan | |
Theme: | none |
Description (last modified by rgrp) (diff)
(spun out of ticket:336)
Resource added to model API at:
api/rest/resource
Example model request
GET to: /api/2/rest/resource/a3dd8f64-9078-4f04-845c-e3f047125028
returns:
[{"id": "a3dd8f64-9078-4f04-845c-e3f047125028", "package_id": "b8a325c8-af2a-43f3-8245-9db7d73dfbfe", "URL": "http://scraperwiki.com/lincolnshire-councillors", "format": "CSV", "Description": "Scrape of www.lincs.gov/councillors.pdf by ScraperWiki.", "hash": "", "position": 2 }]
Authorization
- Have it generic (ie. not per resource) and use an action/role on system
- Require all resources to attach to packages an inherit their permissions (i.e. read/write etc if and only read/write on associated packages)
- Introduce Resource in authorization system (requires migration)
Mixed model
Create / Edit: if resource associated to package: check_permissions(package, update) else: check_system_permissions(c.user, model.Action.Resouce Create/Update, model.System)
Change History
comment:2 Changed 4 years ago by dread
- Priority changed from critical to major
- Type changed from enhancement to defect
comment:4 Changed 3 years ago by kindly
- Owner changed from dread to rgrp
- Repository set to ckan
- Theme set to none
comment:5 Changed 3 years ago by kindly
This ticket needs to have a more thorough spec which needs to include.
- Examples of put/post requests to resources and if they are needed.
- Dealing with resources that do not have a related packages in terms of authorization. Do they have a new action? how granular is the authorization? per resource? system level? etc.
- The rules related to authorization for resources attached to packages. i.e you only get read permissions when the related package has read permissions? do they have their own rules?
comment:6 Changed 3 years ago by dread
This ticket was designed only for reading resources, following an ongoing requirement from the Scraperwiki collaboration. Assume PUT/POST is out of scope.
I suggest dealing with resources that aren't attached to packages in an entirely new ticket or CEP, as the implications are wider than this aspect of the API.
Note: See
TracTickets for help on using
tickets.