Specify permission for service admin #342
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
specify additional privileges for service admins.
docs/API.md
Outdated
|
|
||
| Users in the [service admin group](#service-admin-group) can read data from any project, and edit (read/update/delete) data in any project. | ||
|
|
||
| Users belonging to a project can update/delete data of that project that are not global resources and that are not public. |
There was a problem hiding this comment.
Small rephrasing to avoid the "not":
Suggested change
| Users belonging to a project can update/delete data of that project that are not global resources and that are not public. | |
| Users belonging to a project can update/delete data of that project only if they are private. |
For confirmation, only the service admins should be allowed to update or delete public resources in a project? In that case we can say explicitly something like:
Global resources (not in a project) and public entities (in a project) can be updated only by service admins.
There was a problem hiding this comment.
I changed it . I am not sure why the "in a project" / "not in a project" would matter. These should be editable only by service admin.
There was a problem hiding this comment.
I was meaning that it should be clear that it applies to both the types of resources:
- globals (not in a project because they don't have authorized_project_id: e.g. species, strain...)
- public (in a project because they have authorized_project_id, but authorized_public is True: e.g. morphologies...)
There was a problem hiding this comment.
I updated with a definition of global resource.
|
Are we good with the changes now ? |
eleftherioszisis
approved these changes
Sep 3, 2025
GianlucaFicarelli
approved these changes
Sep 3, 2025
GianlucaFicarelli
added a commit
that referenced
this pull request
Sep 11, 2025
* origin/main: Validate scale and build_category in circuit filter (#352) Add admin delete endpoints for all routers (#281) root routes should not require auth, make sure tests reflect this (#351) Specify permission for service admin (#342) Add assets in ValidationResultRead schema (#348) Fix transaction_per_migration in alembic (#346)
GianlucaFicarelli
added a commit
that referenced
this pull request
Sep 11, 2025
* origin/main: Add IonChannel and IonChannelRecording (#305) Add update endpoints for users (#347) Adds deterministic order fallback by entity id (#350) Validate scale and build_category in circuit filter (#352) Add admin delete endpoints for all routers (#281) root routes should not require auth, make sure tests reflect this (#351) Specify permission for service admin (#342) Add assets in ValidationResultRead schema (#348) Fix transaction_per_migration in alembic (#346) Add the ability to filter by name to IonChannelModel (#338)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.