[DM-5645] Add fine-grained authorization to ltd-keeper users - Jira

XML

Word

Printable

Details

Type: Story
Status: Done
Resolution: Done
Fix Version/s: None
Component/s: Stack Documentation and UX
Labels:
- lsst-the-docs

Story Points:
2.2
Epic Link:
sqre-ltd-prod
Team:
SQuaRE

Description

The initial MVP of ltd-keeper had all-or-nothing authentication; any user was effectively an admin user. It would be useful have fine grained roles that each API user could have (for example, one API user might be able to add a build, but not create an edition or product or add another user). The phases of this ticket at:

1. Design a set of roles that cover current functionality
2. Add these roles to the User DB model and user creation API
3. Authorize users against these roles in specific API calls

Attachments

Issue Links

is triggering

DM-5678 Add LSST the Docs Keeper API routes for creating new API users

Invalid

DM-5679 Change LSST the Docs Keeper response content based on API user authorization level

Invalid

Activity

No work has yet been logged on this issue.

People

Assignee:: Jonathan Sick

Reporter:: Jonathan Sick

Reviewers:: J Matt Peterson [X] (Inactive)

Watchers:: J Matt Peterson [X] (Inactive), Jonathan Sick

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 27/Mar/16 3:54 PM

Updated:: 06/Apr/16 10:32 AM

Resolved:: 06/Apr/16 10:32 AM

Jenkins

No builds found.

Data Management