Versions Compared

Old Version 92

changes.mady.by.user Bruce Hoff

Saved on

compared with

New Version 93

changes.mady.by.user Bruce Hoff

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
{"result":true}

More Examples

Add a particular user with full access and identified individuals with read-only access to a project.

Get Request:

...

API For Resource Access

The Synapse Authorization Services include support for creating abstract 'resources' and allowing users access.  The defined requests are shown below.  Note:  All requests must be authenticated, as described earlier in this document.

Authorize a User for a Resource

Code Block
POST https://auth-staging.sagebase.org/repoauth/v1/project/498/acl

Get Response:

Code Block
{
   "id":"3",
   "creationDate":1308274656084,
   "etag":"0",
   "createdBy":"nicole.deflaux@sagebase.org",
   "resourceAccess":[
      {
         "id":"4",
         "groupName":"AUTHENTICATED_USERS",
         "accessType":[
            "DELETE",
            "CHANGE_PERMISSIONS",
            "UPDATE",
            "READ",
            "CREATE"
         ]
      }
   ],
   "modifiedBy":"nicole.deflaux@sagebase.org",
   "modifiedOn":1308274656084,
   "uri":"resourceAccess/{resourceName}
{"userName":"demouser@sagebase.org", "userData":"some-user-data"}

Note:  The user executing this request must be a Synapse Administrator.

Successful Response:

Code Block
HTTP/1.1 201 Created

Create a Resource-Access Session

Code Block
POST https://auth-staging.sagebase.org/auth/v1/resourceSession/{resourceName}

Note:  The session is created for the user authenticated in the request.

Successful Response:

Code Block
HTTP/1.1 201 Created
{"resourceAccessToken":"a1b2c3d4e5f6"}

Validate a Resource-Access Session

Code Block
GET https://auth-staging.sagebase.org/auth/v1/resourceSession/a1b2c3d4e5f6

Note:  Though the request must be authenticated, the user making the request need not be the same as the user whose session is indicated by the passed token.  This allows (for example) a 'service account' to request authentication of tokens owned by real users.

Successful Response:

Code Block
HTTP/1.1 200 OK
{"userName":"demouser@sagebase.org", "userData":"some-user-data"}

Unsuccessful Response:

Code Block
HTTP/1.1 400 OK
{"reason": "Not authorized."}

 

 

More Examples

Add a particular user with full access and identified individuals with read-only access to a project.

Get Request:

Code Block
curl -H sessionToken:XXXXXXXXXXXXXXXXXX -H Content-Type:application/json -k  https://repo-staging.sagebase.org/repo/v1/project/498/acl"
}

Update RequestGet Response:

Code Block
curl -H sessionToken:XXXXXXXXX -H Content-Type:application/json -X PUT -d '{
   "id":"3",
   "creationDate":1308274656084,
   "etag":"0",
   "createdBy":"nicole.deflaux@sagebase.org",
   "resourceAccess":[
      {
         "groupNameid":"AUTHENTICATED_USERS4",
         "accessType":[
            "READ"
         ]
      },
 groupName":"AUTHENTICATED_USERS",
    {          "groupName":"nicole.deflaux@sagebase.org",
         "accessType":[
            "DELETE",
            "CHANGE_PERMISSIONS",
            "UPDATE",
            "READ",
            "CREATE"
         ]
      },
   ],
  {
         "groupName":"someuser@sagebase "modifiedBy":"nicole.deflaux@sagebase.org",
   "modifiedOn":1308274656084,
     "accessTypeuri":[
        "/repo/v1/project/498/acl"
}

Update Request:

Code Block
curl -H sessionToken:XXXXXXXXX -H Content-Type:application/json -X PUT -d '{
   "DELETEid":"3",
   "creationDate":1308274656084,
   "etag":"0",
   "createdBy":"nicole.deflaux@sagebase.org",
   "CHANGE_PERMISSIONS",resourceAccess":[
      {
       "UPDATE  "groupName":"AUTHENTICATED_USERS",
            "READaccessType",:[
            "CREATEREAD"
         ]
      },
      {
 ],        "modifiedBygroupName":"nicole.deflaux@sagebase.org",
   "modifiedOn":1308274656084,      "uriaccessType":"/repo/v1/project/498/acl"
}' https://repo-staging.sagebase.org/repo/v1/project/498/acl

Update Response:

Code Block
{[
        "id":"3",    "creationDateDELETE":1308274656084,
   "etag":"0",      "createdBy":"nicole.deflaux@sagebase.org",    "resourceAccess":[CHANGE_PERMISSIONS",
      {      "UPDATE",
   "id":null,          "groupName":"someuser@sagebase.org"READ",
         "accessType":[   "CREATE"
         "DELETE",]
        },
   "UPDATE",   {
         "CHANGE_PERMISSIONS",
groupName":"someuser@sagebase.org",
           "READaccessType",:[
            "CREATEDELETE",
         ]       },
 "CHANGE_PERMISSIONS",
    {          "idUPDATE":null,
         "groupName":"nicole.deflaux@sagebase.org",
         "accessTypeREAD":[,
            "DELETECREATE",
         ]
  "UPDATE",    }
    ],
   "CHANGE_PERMISSIONSmodifiedBy":"nicole.deflaux@sagebase.org",
   "modifiedOn":1308274656084,
   "uri":"/repo/v1/project/498/acl"
}' https://repo-staging.sagebase.org/repo/v1/project/498/acl

Update Response:

Code Block
{
   "READid":"3",
   "creationDate":1308274656084,
   "etag":"0",
    "CREATE""createdBy":"nicole.deflaux@sagebase.org",
   "resourceAccess":[
     ]       },
      {
         "id":null,
         "groupName":"AUTHENTICATED_USERSsomeuser@sagebase.org",
         "accessType":[
            "READDELETE",
         ]   "UPDATE",
   }     ],    "modifiedBy":"nicole.deflaux@sagebase.orgCHANGE_PERMISSIONS",
            "READ",
   "modifiedOn":1308274656084,         "CREATE"
         ]
      },
      {
         "uri":"/repo/v1/project/498/acl"
}

API For Resource Access

The Synapse Authorization Services include support for creating abstract 'resources' and allowing users access.  The defined requests are shown below.  Note:  All requests must be authenticated, as described earlier in this document.

Authorize a User for a Resource

Code Block
POST https://auth-staging.sagebase.org/auth/v1/resourceAccess/{resourceName}
{"userName":"demouser@sagebase.org", "userData":"some-user-data"}

Note:  The user executing this request must be a Synapse Administrator.

Successful Response:

Code Block
HTTP/1.1 201 Created

Create a Resource-Access Session

Code Block
POST https://auth-staging.sagebase.org/auth/v1/resourceSession/{resourceName}

Note:  The session is created for the user authenticated in the request.

Successful Response:

Code Block
HTTP/1.1 201 Created
{"resourceAccessToken":"a1b2c3d4e5f6"}

Validate a Resource-Access Session

Code Block
GET https://auth-staging.sagebase.org/auth/v1/resourceSession/a1b2c3d4e5f6

Note:  Though the request must be authenticated, the user making the request need not be the same as the user whose session is indicated by the passed token.  This allows (for example) a 'service account' to request authentication of tokens owned by real users.

Successful Response:

Code Block
HTTP/1.1 200 OK
{"userName":"demouser@sagebase.org", "userData":"some-user-data"}

Unsuccessful Response:

Code Block
HTTP/1.1 400 OK
{"reason": "Not authorized."}

...

id":null,
         "groupName":"nicole.deflaux@sagebase.org",
         "accessType":[
            "DELETE",
            "UPDATE",
            "CHANGE_PERMISSIONS",
            "READ",
            "CREATE"
         ]
      },
      {
         "id":null,
         "groupName":"AUTHENTICATED_USERS",
         "accessType":[
            "READ"
         ]
      }
   ],
   "modifiedBy":"nicole.deflaux@sagebase.org",
   "modifiedOn":1308274656084,
   "uri":"/repo/v1/project/498/acl"
}