Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Filter assets by read-only permission #2300

Closed
chrisknoll opened this issue Jul 28, 2023 · 0 comments · Fixed by #2301
Closed

Filter assets by read-only permission #2300

chrisknoll opened this issue Jul 28, 2023 · 0 comments · Fixed by #2301
Milestone
v2.14

Comments

@chrisknoll
Copy link
Collaborator

This is a feature request where we would like to enable an option on WebAPI that would restrict items from being returned to callers if they do not have read permission to the entity.

Currently, WebAPI assumes all users are granted read-access to entities. Write permission is granted to the entity creator, and also can be assigned by the creator to other users.

This enhancement would allow read permission to be assigned to a user, and, if readOnlyPermission is enabled, WebAPI will filter any asset that a user does not have read-access from any WebAPI call.

This enhancement can be accomplished using current security implementation (read permission is something that exists via the :get roles), but the new functionality would be to not assume everyone with read-permission, and instead provide a mechanism to filter and assign read permission to users.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v2.14
Development

Successfully merging a pull request may close this issue.

Filter cohorts and concepts by permission (#2245) OHDSI/WebAPI
2 participants
@chrisknoll @anthonysena