kinto.js icon indicating copy to clipboard operation
kinto.js copied to clipboard

Published 20 hours ago verified publisher icon Kinto

Fix permissions handling so they're patched and not overridden

Open n1k0 opened this issue 9 years ago • 5 comments

Note that having more atomic endpoints/methods for dealing with perms update might greatly help, and this is currently discussed in https://github.com/Kinto/kinto/issues/458.

n1k0 avatar Feb 23 '16 19:02 n1k0

We could add two new methods:

  • addPermission('write', ['github:me', 'basic:gjroepo4i94i9i'], options)
  • removePermission('read', ['system.Everyone'], options)

Those two methods would perform a first call to retrieve the current permissions, then add/remove the specified principals, and perform a second call with patch using concurrency-control headers to prevent races.

Is that what you had in mind @n1k0 ?

leplatrem avatar Jun 22 '16 09:06 leplatrem

Without any specific syntax to do that in one request on the server endpoint, yes, exactly. Note that these two calls could be perform in a single batch operation anyway.

n1k0 avatar Jun 22 '16 10:06 n1k0

could be perform in a single batch operation anyway

I don't think so, since you need the response of the first one to perform the second one.

leplatrem avatar Jun 22 '16 13:06 leplatrem

Ah, true. No big deal anyway.

n1k0 avatar Jun 22 '16 13:06 n1k0

Now that JSON patch (https://tools.ietf.org/html/rfc6902) support was added by @gabisurita we could leverage it for manipulating permissions

leplatrem avatar Feb 09 '17 10:02 leplatrem