
Add scopes `delete:metadata` and `delete:data`

Open danielballan opened this issue 1 year ago • 1 comments

Summarizing a discussion with @dylanmcreynolds


Currently, the deletion routes require `write:metadata` and `write:data` Scopes:

https://github.com/bluesky/tiled/blob/addcda65680c9a93557244301f8b286b843321e7/tiled/server/router.py#L1216

Let's separate out Scopes for deletion so that Roles and Access Control Policies can enable writing but block deleting if desired. (This issue is not taking a policy on what default/common Scopes should be, only that these should be separated out now so that it is possible to distinguish them.)

Specifically:

  • `delete:metadata` --- May remove rows from the Catalog database, dropping references to externally-managed data.
  • `delete:data` --- May delete actual files, internally-managed files that were written by the Tiled server and may be the canonical copy of a given dataset. (Deleting the files should also clean up the SQL entities referencing them.)

We may need to add and/or rename routes:

  • Existing route `DELETE /metadata/{path}` should change from scopes `["write:metadata", "write:data"]` to scopes `["delete:metadata"]`.
  • Existing route `DELETE /nodes/{path}` should maybe be split into `DELETE /nodes/metadata/{path}` (can delete references to externally-managed data, or empty nodes) and `DELETE /nodes/assets/{path}` (can delete actual data), protected by `["delete:metadata"]` and `["delete:metadata", "delete:data"]` respectively.

danielballan avatar May 10 '24 00:05 danielballan
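
The scope split proposed above, modelled as an added example that is not part of the original issue and is not Tiled's code. The scopes and routes come from the issue; the role names (`writer`, `curator`, `admin`) and the helpers `required_scopes` and `is_allowed` are hypothetical.

```python
# Added example: a model of the proposed scope split, not Tiled's implementation.
# Scopes and routes are taken from the issue; roles and helpers are hypothetical.

# Required scopes today: deletion is gated by the write scopes.
CURRENT = {
    ("DELETE", "/metadata/"): {"write:metadata", "write:data"},
    ("DELETE", "/nodes/"): {"write:metadata", "write:data"},
}
# Required scopes as proposed: deletion has its own scopes.
PROPOSED = {
    ("DELETE", "/metadata/"): {"delete:metadata"},
    ("DELETE", "/nodes/metadata/"): {"delete:metadata"},
    ("DELETE", "/nodes/assets/"): {"delete:metadata", "delete:data"},
}
# Hypothetical roles for illustration.
ROLES = {
    "writer": {"write:metadata", "write:data"},
    "curator": {"write:metadata", "write:data", "delete:metadata"},
    "admin": {"write:metadata", "write:data", "delete:metadata", "delete:data"},
}


def required_scopes(policy, method, path):
    """Return the scopes for the longest matching route prefix, or None."""
    matches = [
        (prefix, scopes)
        for (m, prefix), scopes in policy.items()
        if m == method and path.startswith(prefix)
    ]
    if not matches:
        return None
    return max(matches, key=lambda item: len(item[0]))[1]


def is_allowed(policy, role, method, path):
    """Deny by default: unknown routes and unknown roles are refused."""
    needed = required_scopes(policy, method, path)
    if needed is None or role not in ROLES:
        return False
    # Every required scope must be granted to the role.
    return needed <= ROLES[role]


if __name__ == "__main__":
    for role in ROLES:
        for path in ("/metadata/a/b", "/nodes/metadata/a/b", "/nodes/assets/a/b"):
            print(role, path, is_allowed(PROPOSED, role, "DELETE", path))
```

Under `CURRENT` any role that can write can also delete; under `PROPOSED` the `writer` role is refused on every deletion route, and only a role holding both delete scopes can remove assets.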

This sounds reasonable.

padraic-shafer avatar May 10 '24 12:05 padraic-shafer

I'm tempted to call this Good First Issue?

DiamondJoseph avatar Jul 04 '25 09:07 DiamondJoseph