
administration

Jana Rajakumar edited this page Feb 22, 2018 · 12 revisions

Admin Users

  • Admin users have full access to perform any authenticated request on any object in the database. This includes POST, PUT and DELETE.
  • In order to create a new admin user, a POST request must be sent to /auth/admin along with the required params in the body (username, email, password and secretKey). The value for the secretKey is defined in the API settings and must be kept secret from public view.
  • Apart from performing actions on objects, admin users can create/update/delete accounts for Staff users.

Staff Users

  • Staff users have full access to perform any authenticated request on any object that they own. Ownership is identified by the internal property ownedBy on an object. A newly created object has the staff user who sent the request as its owner. Additional PUT and DELETE requests on that object can only be performed by that staff user.

Staff User Permissions

{
  "collections": [
    "http://localhost:8000/collections/anatomia",
    "http://localhost:8000/collections/insulin"
  ],
  "manifests": [
    "http://localhost:8000/anatomia:RBAI001/manifest",
    "http://localhost:8000/anatomia:RBAI002/manifest"
  ],
  "username": "NEW STAFF",
  "action": "ADD"
}
  • This adds the username NEW STAFF to the existing list of usernames on each of the given collections and manifests, and recursively on their children.
  • To remove a username, send the same request with the value of action set to REMOVE instead of ADD.
  • NOTE: The list in collections will only update its sub-collections and manifests. It won't update any of its sub-collections' manifests.
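
The propagation rule in the NOTE decides which objects a staff user can edit after a permissions request, so it is worth checking before granting or revoking access. The following is an added example, not the API's own code: a small in-memory model of the ADD/REMOVE request and the ownedBy check. The store layout, the anatomia-sub collection, the user alice and the function names are constructed for illustration, and it assumes only a collection's direct children are touched.

```python
# Added illustration: a minimal in-memory model, not the API's own code.
# Object ids and the dict layout below are constructed for this example.
BASE = "http://localhost:8000"

def make_store():
    """Constructed sample: one collection with a sub-collection and manifests."""
    return {
        f"{BASE}/collections/anatomia": {
            "ownedBy": ["alice"],
            "collections": [f"{BASE}/collections/anatomia-sub"],
            "manifests": [f"{BASE}/anatomia:RBAI001/manifest"],
        },
        f"{BASE}/collections/anatomia-sub": {
            "ownedBy": ["alice"], "collections": [],
            "manifests": [f"{BASE}/anatomia:RBAI002/manifest"],
        },
        f"{BASE}/anatomia:RBAI001/manifest": {"ownedBy": ["alice"]},
        f"{BASE}/anatomia:RBAI002/manifest": {"ownedBy": ["alice"]},
    }

def targets(store, request):
    """Objects a permissions request touches under the rule in the NOTE."""
    hit = set(request.get("manifests", []))
    for cid in request.get("collections", []):
        coll = store[cid]
        # The collection, its sub-collections and its own manifests only;
        # manifests of a sub-collection are NOT reached (assumed: one level).
        hit.update([cid, *coll["collections"], *coll["manifests"]])
    return hit

def apply_permissions(store, request):
    """Apply an ADD or REMOVE request; return the ids that were touched."""
    action, user = request["action"], request["username"]
    if action not in ("ADD", "REMOVE"):
        raise ValueError(f"unknown action: {action!r}")
    hit = targets(store, request)
    for oid in hit:
        owners = store[oid]["ownedBy"]
        if action == "ADD" and user not in owners:
            owners.append(user)
        elif action == "REMOVE" and user in owners:
            owners.remove(user)
    return hit

def can_modify(store, oid, user, is_admin=False):
    """PUT/DELETE check: admins always pass, staff must be in ownedBy."""
    return is_admin or user in store[oid]["ownedBy"]
```

In this model, an ADD on the anatomia collection leaves the manifest under anatomia-sub unchanged, so that manifest has to be listed under manifests explicitly if the staff user should be able to edit it.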

FAQ

  • How to share an object with multiple staff users?

  • An admin user can share an object among multiple staff users by performing a PUT on that object and updating the ownedBy internal field. ownedBy is a list of the staff usernames that have authenticated access to that object.

  • How to block access to an object from all staff users?

  • An admin user can update the ownedBy field to be an empty list. This will make the object editable only by an admin user.

  • How to view all objects owned by a specific staff user?

  • This can be achieved by sending a search query to the object.

  • For example, to view all manifests that a staff user has permissions on, use /search/manifest/?ownedBy%3Dstaffusername. This returns a list of manifests.
