[Girder-users] Restricting user access
Andrés Fortier
andres at ekumenlabs.com
Mon Jul 3 15:23:23 EDT 2017
Hi all,
I was wondering if it is possible to restrict a user access to girder, both
in the REST API and in the web view. One use case for this is to be able to
treat a folder and its contents as a whole: we want a user to be able to
upload a folder and to update it, but always as a whole (i.e. not to allow
partial updates, like adding a file to it). Our idea would be to have a
dedicated REST endpoint for this (similar to the way a folder is uploaded
now) to handle the CRUD, but then we need to ensure that:
1. the user can't manually call the current API to update the folder. I
think the way to do this would be to remove some API endpoints, although
I'm not sure this can be done easily.
2. the user can't login in the web UI (this is ok as we will be rolling our
dedicated UI). Is there a simple way to make the UI admin-only?
Any hints would be much appreciated.
Thanks!
Andy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://public.kitware.com/pipermail/girder-users/attachments/20170703/4419cce5/attachment.html>
More information about the Girder-users
mailing list