Ticket #358 (new enhancement) — at Version 7

Opened 4 years ago

Last modified 3 years ago

Resources in REST API

Reported by: dread
Owned by: rgrp
Priority: major
Milestone: ckan-v1.5
Component: ckan
Keywords:
Cc:
Repository: ckan
Theme: none

Description (last modified by rgrp)

(spun out of ticket:336)

Resource added to model API at:

api/rest/resource

Example model request

GET to: /api/2/rest/resource/a3dd8f64-9078-4f04-845c-e3f047125028

returns:

 [{"id": "a3dd8f64-9078-4f04-845c-e3f047125028",
   "package_id": "b8a325c8-af2a-43f3-8245-9db7d73dfbfe",
   "URL": "http://scraperwiki.com/lincolnshire-councillors", 
   "format": "CSV", 
   "Description": "Scrape of www.lincs.gov/councillors.pdf by ScraperWiki.",
   "hash": "", 
   "position": 2
 }]

Authorization

  1. Have it generic (i.e. not per resource) and use an action/role on system
  2. Require all resources to attach to packages and inherit their permissions (i.e. read/write etc. if and only if read/write on associated packages)
  3. Introduce Resource in authorization system (requires migration)

Mixed model

Create / Edit:

if resource associated to package:
    check_permissions(package, update)
else:
    check_system_permissions(c.user, model.Action.Resource Create/Update, model.System)
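
The mixed model above as a runnable sketch. This is an added example, not part of the ticket and not CKAN code: the grant tables, the action names ("read", "update", "resource-update") and the helper signatures are hypothetical, and denying reads on unattached resources is an assumption, since the ticket leaves that case open.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample grants (hypothetical users, packages and action names).
PACKAGE_ROLES = {  # (user, package_id) -> actions allowed on that package
    ("alice", "pkg-1"): {"read", "update"},
    ("bob", "pkg-1"): {"read"},
}
SYSTEM_ROLES = {  # user -> system-wide actions
    "carol": {"resource-create", "resource-update"},
}


@dataclass
class Resource:
    id: str
    package_id: Optional[str] = None  # None means not attached to a package


def check_permissions(user: str, package_id: str, action: str) -> bool:
    # Unknown users or packages have no grants, so the default is deny.
    return action in PACKAGE_ROLES.get((user, package_id), set())


def check_system_permissions(user: str, action: str) -> bool:
    return action in SYSTEM_ROLES.get(user, set())


def may_edit_resource(user: str, resource: Resource) -> bool:
    """Mixed model: package 'update' if attached, else a system-level action."""
    if resource.package_id is not None:
        # A system-level grant must not override the owning package's rules.
        return check_permissions(user, resource.package_id, "update")
    return check_system_permissions(user, "resource-update")


def may_read_resource(user: str, resource: Resource) -> bool:
    """Option 2: read on a resource if and only if read on its package."""
    if resource.package_id is None:
        return False  # assumption: unattached resources are unreadable until specified
    return check_permissions(user, resource.package_id, "read")


def readable(user: str, resources: list) -> list:
    """Filter a listing down to the resource ids the user may read."""
    return [r.id for r in resources if may_read_resource(user, r)]
```
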

Change History

comment:1 Changed 4 years ago by rgrp

  • Milestone v1.1 deleted

comment:2 Changed 4 years ago by dread

  • Priority changed from critical to major
  • Type changed from enhancement to defect

comment:3 Changed 3 years ago by pudo

  • Milestone set to iati-4

comment:4 Changed 3 years ago by kindly

  • Owner changed from dread to rgrp
  • Repository set to ckan
  • Theme set to none

comment:5 Changed 3 years ago by kindly

This ticket needs to have a more thorough spec, which needs to include:

  • Examples of PUT/POST requests to resources and if they are needed.
  • Dealing with resources that do not have a related package in terms of authorization. Do they have a new action? How granular is the authorization? Per resource? System level? Etc.
  • The rules related to authorization for resources attached to packages, i.e. you only get read permissions when the related package has read permissions? Do they have their own rules?

comment:6 Changed 3 years ago by dread

This ticket was designed only for reading resources, following an ongoing requirement from the Scraperwiki collaboration. Assume PUT/POST is out of scope.

I suggest dealing with resources that aren't attached to packages in an entirely new ticket or CEP, as the implications are wider than this aspect of the API.

comment:7 Changed 3 years ago by rgrp

  • Type changed from defect to enhancement
  • Description modified
  • Milestone changed from iati-4 to ckan-v1.5