Wiki Markup | ||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Section | ||||||||||||||||||||||
|
API for Authentication and Authorization
API for Authentication
Create User
Code Block |
---|
POST https://auth-staging.sagebase-.org.elasticbeanstalk.com/auth/v1/user {"userId":"demouser", "email":"demouser@sagebase.org", "firstName":"demo", "lastName":"user", "displayName":"Demo User"} {code} Successful |
Successful Response:
...
Code Block |
---|
HTTP/1.1 201 Created
{code}
Missing password or user ID already exists:
{code}
|
Missing password or user ID already exists:
Code Block |
---|
HTTP/1.1 400401 Bad Request {code} h3. Update User {code} PUT httpUnauthorized |
Note: As a side effect this will send an email to the given address, prompting the user to set their password.
Send Change-Password Email
Code Block |
---|
POST https://auth-staging.sagebase-org.elasticbeanstalk.com/.org/auth/v1/user sessionToken:<sessionToken> {"userId":"demouser", "/password/email {"email":"demouser@sagebase.org", "firstName":"demo", "lastName":"user", "displayName":"Demo User"} {code} where <sessionToken> is that returned by "Initiate Session", below. Successful Response: {code} } |
Successful Response:
Code Block |
---|
HTTP/1.1 204 No Content
|
If the email address is not in the user database:
Code Block |
---|
HTTP/1.1 200404 OK {code} Error Response, if the session token is missing or does not match userId: {code} HTTP/1.1 400 Bad Request Content-Type: application/json {"reason":"Not authorized."} {code} h3. Send Change-Password Email {code} POST http://auth-sagebase-org.elasticbeanstalk.com/auth/v1/userPasswordEmail {"userId":"demouser"} {code} Successful Response: {code} HTTP/1.1 204 NO CONTENT {code} h3. Initiate Session (Login) Request: {code} POST http://auth-sagebase-org.elasticbeanstalk.com/auth/v1/session {"userId":"demouser", "password":"demouser-pw"} {code} Successful Response: {code} HTTP/1.1 201 Created Content-Type: application/json {"displayName":"Demo User","sessionToken":"AYcOhWIm9NdOC6BdzzzisQ00"} {code} Error Response, if the user authentication details are incorrect: {code} HTTP/1.1 400 Bad Request AuthenticationURL: http://auth-sagebase-org.elasticbeanstalk.com/auth/v1/session Content-Type: application/json {"reason":"Unable to authenticate."} {code} Session token is valid for a period of time, currently set to 24 hours. h3. Refresh Token (reset timer) Request: {code} PUT http://auth-sagebase-org.elasticbeanstalk.com/auth/v1/session {"sessionToken":"AYcOhWIm9NdOC6BdzzzisQ00"} {code} Successful Response: {code} HTTP/1.1 200 OK {code} Error Response, if the session token is invalid: {code} HTTP/1.1 404 Not Found {"reason":"Unable to validate session."} {code} h3. Terminate Session (Logout) Request: {code} DELETE http://auth-sagebase-org.elasticbeanstalk.com/auth/v1/session {"sessionToken":"AYcOhWIm9NdOC6BdzzzisQ00"} {code} Response: {code} HTTP/1.1 204 NO CONTENT {code} h2. Sample commands, issued from cURL: Create User: curl \-k \-H "Content-Type:application/json" \-H "Accept:application/json" \-d "\{\"userId\":\"NEWuser\", \"email\":\"demouser@sagebase.org\", \"firstName\":\"demo\", \"lastName\":\"user\", \"displayName\":\"Demo User\"}" \-X POST [http://auth-sagebase-org.elasticbeanstalk.com/auth/v1/user] Update User: curl \-k \-H "Content-Type:application/json" \-H "Accept:application/json" \-d "\{\"userId\":\"NEWuser\", \"email\":\"demouser@sagebase.org\", \"firstName\":\"NEWdemo\", \"lastName\":\"NEWuser\", \"displayName\":\"NEWDemo User\"}" \-X PUT [http://auth-sagebase-org.elasticbeanstalk.com/auth/v1/user] Send Change Password Email: curl \-k \-H "Content-Type:application/json" \-H "Accept:application/json" \-d "\{\"userId\":\"demouser\"}" \-X POST [http://auth-sagebase-org.elasticbeanstalk.com/auth/v1/userPasswordEmail]Not Found |
Set Password
Code Block |
---|
POST https://auth-staging.sagebase.org/auth/v1/user/password
{"sessionToken":"abcdefgh-0123-4567-ijkl-mnopqrstuvwx", "password":"foobar"}
|
Successful Response:
Code Block |
---|
HTTP/1.1 204 No Content |
Get Secret Key for HMAC Authentication
Code Block |
---|
GET https://auth-staging.sagebase.org/auth/v1/secretKey
|
Successful Response:
Code Block |
---|
HTTP/1.1 200 {"secretKey":"0Ocy/cW/3WIdZg3Up9dguO4Kh5smBKpN7iWXAvVQqekGD3gT4nc7PWwlfOhcL+KW6W4PjXtgPQNhiP7yrwjfwQ=="}
|
Note: Session token is required in request header. The returned key is that of the authenticated user.
Invalidate Secret Key
Code Block |
---|
DELETE https://auth-staging.sagebase.org/auth/v1/secretKey
|
Successful Response:
Code Block |
---|
HTTP/1.1 204 No Content
|
Note: Session token or HMAC signature is required in request header. The key which is invalidated is that of the authenticated user.
Initiate Session (Login)
Request:
Code Block |
---|
POST https://auth-staging.sagebase.org/auth/v1/session
{"email":"demouser@sagebase.org", "password":"demouser-pw"} |
Successful Response:
Code Block |
---|
HTTP/1.1 201 Created
Content-Type: application/json
{"sessionToken":"AYcOhWIm9NdOC6BdzzzisQ00", "acceptsTermsOfUse":"true"}
|
Note: If the "acceptsTermsOfUse" field is "false", then an additional call to accept the Synapse terms of use is required before the session token can be used for authenticated requests
Session token is valid for a period of time, currently set to 24 hours.
Refresh Token (reset timer)
Request:
Code Block |
---|
PUT https://auth-staging.sagebase.org/auth/v1/session
{"sessionToken":"AYcOhWIm9NdOC6BdzzzisQ00"}
|
Successful Response:
Code Block |
---|
HTTP/1.1 204 No Content
|
Error Response, if the session token is invalid:
Code Block |
---|
HTTP/1.1 401 Unauthorized
{"reason":"Session token is not valid"}
|
Error Response, if the user has not signed the terms of use yet:
Code Block |
---|
HTTP/1.1 403 Forbidden
{"reason":"Terms of use must be signed"} |
Terminate Session (Logout)
Note: Sessions initiated by multiple clients for the same user around the same time will receive identical "single sign on" tokens. Since session termination is linked to the session token, terminating the session for one client via this command will have the side effect of terminating all sessions. An alternative is for the client simply to delete its own copy of the token.
Request:
Code Block |
---|
DELETE https://auth-staging.sagebase.org/auth/v1/session
|
Note: Session token is required in request header.
Response:
Code Block |
---|
HTTP/1.1 204 No Content
|
Accept the Synapse Terms of Use
Request:
Code Block |
---|
POST https://auth-staging.sagebase.org/auth/v1/termsOfUse
{"sessionToken":"AYcOhWIm9NdOC6BdzzzisQ00", "acceptsTermsOfUse":"true"} |
Response:
Code Block |
---|
HTTP/1.1 204 No Content |
Note: The ToU are available at this URL:
Code Block |
---|
https://auth-prod.sagebase.org/auth/v1/termsOfUse.html
|
Authentication via OpenID
Synapse supports authentication via OpenID with Google as the identity provider. You as a client initiate the users identity verification with Google, and pass through the URL parameters to our REST api which will unpack the openID parameters, and verify the account. If login is successful a Session object will be returned. See the Synapse Authentication REST API documentation for details.
Sample commands, issued from cURL:
Create User:
curl -k -H "Content-Type:application/json" -H "Accept:application/json" -d "{\"email\":\"demouser@sagebase.org\", \"firstName\":\"demo\", \"lastName\":\"user\", \"displayName\":\"Demo User\"}" -X POST https://auth-staging.sagebase.org/auth/v1/user
Send Change Password Email:
curl -k -H "Content-Type:application/json" -H "Accept:application/json" -d "{\"email\":\"demouser@sagebase.org\"}" -X POST https://auth-staging.sagebase.org/auth/v1/user/password/email
Login:
curl -k -H "Content-Type:application/json" -H "Accept:application/json" -d "{\"email\":\"demouser@sagebase.org\", \"password\":\"demouser-pw\"}" -X POST https://auth-staging.sagebase.org/auth/v1/session
Refresh session token:
curl -k -H "Content-Type:application/json" -H "Accept:application/json" -d "{\"sessionToken\":\"QYNoamrOKK0dBhjZOFfbAg00\"}" -X PUT https://auth-staging.sagebase.org/auth/v1/session
Logout:
curl -k -H "Content-Type:application/json" -H "Accept:application/json" -d "{\"sessionToken\":\"QYNoamrOKK0dBhjZOFfbAg00\"}" -X DELETE https://auth-staging.sagebase.org/auth/v1/session
Access repository services anonymously:
curl -H Accept:application/json https://repo-staging.sagebase.org/repo/v1/dataset/test
Access repository services with session token (obtained by logging in):
curl -H Accept:application/json -H sessionToken:AprxPRzpmaPm7FXzV1ik0w00 https://repo-staging.sagebase.org/repo/v1/dataset/test
Access repository services with HMAC-SHA1 signed request:
curl -i -H "Content-Type:application/json" -H "Accept:application/json" -H signatureTimestamp:2011-09-27T21:59:22.371-07:00 -H signature:yhMgokIH9ErQklj8oUuhHR5o5QM= -H userId:demouser@sagebase.org -X GET "http://localhost:8080/services-repository-0.7-SNAPSHOT/repo/v1/dataset?sort=name&limit=3"
Authentication of Requests to Platform
Authentication via Session Token
Requests shall include a header named "sessionToken" whose value is that returned by the Initiate Session request, above. (The session will timeout eventually, with a nominal duration of 24 hours.)
Authentication via Secret Key
Request shall include the following headers:
Code Block |
---|
userId: demouser@sagebase.org
signatureTimestamp: 2011-07-16T19:20:30.45+01:00 (i.e. in ISO8601 format including time zone)
signature: <signature>
|
where <signature> is the HMAC-SHA1 hash created using the shared secret key generated above, and the hashed data is the concatenation:
userId + uri + signatureTimestamp
URI example: If the request is made to
https://repo-staging.sagebase.org/repo/v1/dataset?sort=name&limit=3
then the URI is:
/repo/v1/dataset
Authentication Failure
For requests that fail to be authenticated the response will include the headers:
WWW-Authenticate: "Digest" your email
and a plain text body: "The token provided was invalid or expired."
API for Authorization
Default groups
Currently, there are two default groups that can be used to set permissions:
Group Name | Description |
---|---|
PUBLIC | All users belong to this group. This is the only group that the anonymous@sagebase.org user belongs to. The anonymous user is used for anyone that has not logged in to Synapse. Therefore, granting permission to PUBLIC will grant that permission to everyone including users that have not logged in. |
AUTHENTICATED_USERS | All users that have logged in will automatically belong to this group. Therefore, granting permissions to AUTHENTICATED_USERS will grant that permission to any user that has logged in to Synapse. |
Get the users who can be added to a resource's ACL
Code Block |
---|
GET https://repo-staging.sagebase.org/repo/v1/user?offset=1&limit=100
|
Code Block |
---|
{"totalNumberOfResults":340,
"results":[
{"lastName":"Bar","etag":"403","ownerId":"273956","firstName":"Foo","displayName":"Foo Bar"},
....
],
"paging":{"next":"/repo/v1/user?offset=101&limit=100"}
}
|
Get the groups who can be added to a resource's ACL
Code Block |
---|
GET https://repo-staging.sagebase.org/repo/v1/userGroup
|
Code Block |
---|
[
{"name":"AUTHENTICATED_USERS","id":"1","creationDate":1307141423000,"uri":null,"etag":null,"individual":false},
{"name":"PUBLIC","id":"2","creationDate":1307141423000,"uri":null,"etag":null,"individual":false},
{"name":"Federation Group","id":"3","creationDate":1307141423000,"uri":null,"etag":null,"individual":false}
]
|
Note: The "name" fields returned from /user and /userGroup are used in the "groupName" fields in the ACLs shown below.
Get Access Control List for a Resource
Returns the ACL for the node responsible for the given node's permissions. Note: In the following example, 'id' is the id of the node to which permissions are attached; there is one 'resourceAccess' entry per UserGroup (aka 'principal') having access to the resource; 'groupName' is the name of the UserGroup object; 'accessType' is the list of types of access the given UserGroup has to the given resource.
Code Block |
---|
GET https://repo-staging.sagebase.org/repo/v1/entity/{entity_id}/acl
|
Code Block |
---|
{"id":"1",
"creationDate":1307141851484,
"uri":null,
"etag":"0",
"createdBy":"admin",
"resourceAccess":[
{"id":"1",
"groupName":"PUBLIC",
"accessType":["READ","CHANGE_PERMISSIONS","DELETE","UPDATE","CREATE"]
}
],
"modifiedBy":"admin",
"modifiedOn":1307141851483
}
|
Create Access Control List for a Resource
Note: This is only used when the resource 'rid' currently inherits its access control list from an ancestor. This request causes 'rid' to cease ACL inheritance and instead use the ACL passed in with the request.
Code Block |
---|
POST https://repo-staging.sagebase.org/repo/v1/entity/{entity_id}/acl
{"id":"{entity_id}",
"resourceAccess":[
{"groupName":"PUBLIC",
"accessType":["READ","CHANGE_PERMISSIONS","DELETE","UPDATE","CREATE"]
}
]
}
|
Update Access Control List for a Resource
Note: This is only used when a "entity_id" already specifies its access control list (does not inherit from an ancestor).
Code Block |
---|
PUT https://repo-staging.sagebase.org/repo/v1/entity/{entity_id}/acl
{"id":"1",
"etag":"0",
"resourceAccess":[
{"id":"1",
"groupName":"PUBLIC",
"accessType":["READ","CHANGE_PERMISSIONS","DELETE","UPDATE","CREATE"]
}
],
}
|
Delete Access Control List for a Resource
This deletes the given object's ACL, restoring its dependence on its owner's permissions.
Code Block |
---|
DELETE https://repo-staging.sagebase.org/repo/v1/entity/{entity_id}/acl
|
Ask whether there is access to a Resource
Note: The query is asked for the user who is implied by the session token, or 'anonymous' if there is no token.
Code Block |
---|
GET https://repo-staging.sagebase.org/repo/v1/entity/{entity_id}/access?accessType={accessType}
|
Code Block |
---|
{"result":true}
|
API For Resource Access
The Synapse Authorization Services include support for creating abstract 'resources' and allowing users access. The defined requests are shown below. Note: All requests must be authenticated, as described earlier in this document.
Authorize a User for a Resource
Code Block |
---|
POST https://auth-staging.sagebase.org/auth/v1/resourceAccess/{resourceName}
{"userName":"demouser@sagebase.org", "userData":"some-user-data"}
|
Note: The user executing this request must be a Synapse Administrator.
Successful Response:
Code Block |
---|
HTTP/1.1 201 Created
|
Create a Resource-Access Session
Code Block |
---|
POST https://auth-staging.sagebase.org/auth/v1/resourceSession/{resourceName}
|
Note: The session is created for the user authenticated in the request.
Successful Response:
Code Block |
---|
HTTP/1.1 201 Created
{"resourceAccessToken":"a1b2c3d4e5f6"} |
Unsuccessful Response:
Code Block |
---|
HTTP/1.1 401 Unauthorized
{"reason": "Not authorized."} |
Validate a Resource-Access Session
Code Block |
---|
GET https://auth-staging.sagebase.org/auth/v1/resourceSession/a1b2c3d4e5f6
|
Note: Though the request must be authenticated, the user making the request need not be the same as the user whose session is indicated by the passed token. This allows (for example) a 'service account' to request authentication of tokens owned by real users.
Successful Response:
Code Block |
---|
HTTP/1.1 200 OK
{"userName":"demouser@sagebase.org", "userData":"some-user-data"} |
Unsuccessful Response:
Code Block |
---|
HTTP/1.1 401 Unauthorized
{"reason": "Not authorized."} |
API for User Profiles
Get your own profile
Code Block |
---|
GET https://repo-staging.sagebase.org/repo/v1/userProfile
|
returns the profile of the authenticated user:
Code Block |
---|
{
"firstName":"Jane",
"lastName":"Smith",
"userName","janesmith@sagebase.org",
"displayName":"Jane Smith",
"rStudioUrl":"http://rstudiohost.sagebase.org",
"ownerId":"1001",
"uri":"/userProfile",
"etag":"0"
}
|
Get another's profile
Code Block |
---|
GET https://repo-staging.sagebase.org/repo/v1/userProfile/1001
|
returns the profile of the specified user, where "ownerId" is the "id" field returned in the "/user" request, described above, https://sagebionetworks.jira.com/wiki/display/PLFM/Authentication+and+Authorization+API#AuthenticationandAuthorizationAPI-GettheuserswhocanbeaddedtoaresourcesACL.
Note: Private fields (e.g. "rStudioUrl") are omitted unless the requestor is the profile owner or an administrator.
Code Block |
---|
{
"firstName":"Jane",
"lastName":"Smith",
"displayName":"Jane Smith",
"ownerId":"1001",
"uri":"/userProfile",
"etag":"0"
} |
Update your own profile
Code Block |
---|
PUT https://repo-staging.sagebase.org/repo/v1/userProfile
{
"firstName":"Jane",
"lastName":"Smith",
"userName","janesmith@sagebase.org",
"displayName":"Jane Smith",
"rStudioUrl":"http://rstudiohost.sagebase.org",
"ownerId":"1001",
"uri":"/userProfile",
"etag":"0"
} |
Note: The user associated with "ownerId" must match the identity of the authenticated user making the request, otherwise and Unauthorized response will occur.
Update another's profile
Code Block |
---|
PUT https://repo-staging.sagebase.org/repo/v1/userProfile/1001
{
"firstName":"Jane",
"lastName":"Smith",
"userName","janesmith@sagebase.org",
"displayName":"Jane Smith",
"rStudioUrl":"http://rstudiohost.sagebase.org",
"ownerId":"1001",
"uri":"/userProfile",
"etag":"0"
} |
Note: This API is available only to administrators.
Get a batch of Headers for Users and Groups
Synapse provides a batch UserGroupHeader service to fetch information about a collection of users or groups, specified by Synapse IDs. UserGroupHeaders contain a user's name, e-mail address, display name, and picture URL, when available.
Code Block |
---|
GET https://repo-staging.sagebase.org/repo/v1/userGroupHeaders/batch?ids=1001,819
|
Note that ids are specified as request parameters at the end of the URL, separated by commas. In the example above, we are fetching headers for Synapse IDs 1001 and 819.
Get Users and Groups by email
This service can be used to search for synapse users by name or email:
Code Block |
---|
GET {repo-endpoint}/userGroupHeaders?prefix=john.doe@somedomain.org
|
returns:
Code Block |
---|
{'totalNumberOfResults': 1,
'children':[
{'displayName': 'John Doe',
'firstName': 'John',
'lastName': 'Doe',
'pic': {'contentType': 'image/jpeg',
'name': '1421211.jpg',
'tokenId': '1444862/1421211.jpg',
'previewId': '1444863/1421211.jpg',
'md5': '3211e11de379bc62b70bd2a1fc49255e',
'previewState': 'PREVIEW_EXISTS'},
'email': 'joh...e@somedomain.org',
'ownerId': '1421212',
'isIndividual': True}],
'prefixFilter': 'john.doe@somedomain.org'} |
More Examples
Add a particular user with full access and identified individuals with read-only access to a project.
Get Request:
Code Block |
---|
curl -H sessionToken:XXXXXXXXXXXXXXXXXX -H Content-Type:application/json -k https://repo-staging.sagebase.org/repo/v1/project/498/acl
|
Get Response:
Code Block |
---|
{
"id":"3",
"creationDate":1308274656084,
"etag":"0",
"createdBy":"nicole.deflaux@sagebase.org",
"resourceAccess":[
{
"id":"4",
"groupName":"AUTHENTICATED_USERS",
"accessType":[
"DELETE",
"CHANGE_PERMISSIONS",
"UPDATE",
"READ",
"CREATE"
]
}
],
"modifiedBy":"nicole.deflaux@sagebase.org",
"modifiedOn":1308274656084,
"uri":"/repo/v1/project/498/acl"
} |
Update Request:
Code Block |
---|
curl -H sessionToken:XXXXXXXXX -H Content-Type:application/json -X PUT -d '{ "id":"3", "creationDate":1308274656084, "etag":"0", "createdBy":"nicole.deflaux@sagebase.org", "resourceAccess":[ { "groupName":"AUTHENTICATED_USERS", "accessType":[ "READ" ] }, { "groupName":"nicole.deflaux@sagebase.org", "accessType":[ "DELETE", Login: curl \-k \-H "Content-Type:application/json" \-H "Accept:application/json" \-d "\{\"userId\":\"demouser\", \"password\":\"demouser-pw\"\}" \-X POST [http://auth-sagebase-org.elasticbeanstalk.com/auth/v1/sessionCHANGE_PERMISSIONS", "UPDATE", "READ", "CREATE" ] }, { Refresh session token: curl \-k \-H "groupName"Content-Type:application/json" \-H "Accept:application/json" \-d "\{\"sessionToken\":\"QYNoamrOKK0dBhjZOFfbAg00\"\}" \-X PUT [http://auth-sagebase-org.elasticbeanstalk.com/auth/v1/session]:"someuser@sagebase.org", "accessType":[ "DELETE", Logout: curl \-k \-H "Content-Type:application/json" \-H "Accept:application/json" \-d "\{\"sessionToken\":\"QYNoamrOKK0dBhjZOFfbAg00\"}" \-X DELETE [http://auth-sagebase-org.elasticbeanstalk.com/auth/v1/session]CHANGE_PERMISSIONS", "UPDATE", "READ", Access repository services anonymously: curl \-H Accept:application/json [http://localhost:8080/repo/v1/dataset/test] "CREATE" ] } Access repository], services with session token (obtained by logging in): curl \-H Accept:application/json \-H sessionToken:AprxPRzpmaPm7FXzV1ik0w00 [http://localhost:8080 "modifiedBy":"nicole.deflaux@sagebase.org", "modifiedOn":1308274656084, "uri":"/repo/v1/project/498/acl" }' https://repo-staging.sagebase.org/repo/v1/dataset/test]\\ project/498/acl |
Update Response:
Code Block |
---|
{ h3. Authentication of Requests to Platform Requests shall include a header named "sessionToken" whose value is that returned by the Initiate Session request, above. (The session will timeout eventually, with a nominal duration of 24 hours.) For requests that fail to be authenticated the response will include the headers: WWW-Authenticate: authenticate Crowd "id":"3", "creationDate":1308274656084, "etag":"0", "createdBy":"nicole.deflaux@sagebase.org", "resourceAccess":[ { "id":null, "groupName":"someuser@sagebase.org", "accessType":[ and a plain text body: "DELETE"The, token provided was invalid or expired." h2. API for Authorization (Note, the URL may migrate from that of the repository services to a separate location.) h3. Create Group {code} POST http://repositoryservice.sagebase.org/repo/v1/usergroup {"name":"MyGroup"} {code} Note: The group's name must be unique in the system. h3. Retrieve Groups {code} GET http://repositoryservice.sagebase.org/repo/v1/usergroup {code} h3. Retrieve Group {code} GET http://repositoryservice.sagebase.org/repo/v1/usergroup/{id} {code} h3. Delete Group {code} DELETE http://repositoryservice.sagebase.org/repo/v1/usergroup/{id} {code} h3. Update Group (shallow properties, i.e. the group's name) {code} PUT http://repositoryservice.sagebase.org/repo/v1/usergroup/{id} {"name":"OurGroup"} {code} h3. Get the users in the system {code} GET http://repositoryservice.sagebase.org/repo/v1/user {code} Note: This provides the {uid} values for the following requests. h3. Add a user to the group {code} PUT http://repositoryservice.sagebase.org/repo/v1/usergroup/{gid}/users/{uid} {code} h3. Remove a user from the group {code} DELETE http://repositoryservice.sagebase.org/repo/v1/usergroup/{gid}/users/{uid} {code} h3. Get all the users in a group {code} GET http://repositoryservice.sagebase.org/repo/v1/usergroup/{gid}/users {code} h3. Give a group access to a resource, specifying the allowable access types Note: A resource is specified by its type and an identifier, unique within a type. Allowable types are returned by the DAOs in the 'models' package, e.g. org.sagebionetworks.repo.model.DatasetDAO.getType() returns the type for Datasets. {code} PUT http://repositoryservice.sagebase.org/repo/v1/usergroup/{gid}/resources/{rtype}/{rid} {"accessType":["READ","CHANGE","SHARE"]} {code} h3. Remove all access to a resource from a group {code} DELETE http://repositoryservice.sagebase.org/repo/v1/usergroup/{gid}/resources/{rtype}/{rid} {code} h3. Find out the access types a group has for a resource {code} GET http://repositoryservice.sagebase.org/repo/v1/usergroup/{gid}/resources/{rtype}/{rid} {code}"UPDATE", "CHANGE_PERMISSIONS", "READ", "CREATE" ] }, { "id":null, "groupName":"nicole.deflaux@sagebase.org", "accessType":[ "DELETE", "UPDATE", "CHANGE_PERMISSIONS", "READ", "CREATE" ] }, { "id":null, "groupName":"AUTHENTICATED_USERS", "accessType":[ "READ" ] } ], "modifiedBy":"nicole.deflaux@sagebase.org", "modifiedOn":1308274656084, "uri":"/repo/v1/project/498/acl" } |