1. IEEG Portal Avatar IEEG Portal
  2. Portal
  3. ieeg

Wiki

Clone wiki

ieeg / WsResourceAces

View History

An ace is an access control entity. We have three types: projectAce, userAce, and worldAce. Common ace attributes are

  • id: The ace's id
  • permission: The permission granted by the ace. Legal values depend on ace type.
  • targetId: The id of the target to which the ace applies. This is restricted to dataset ids.

The projectAce is used to give access to one of the two groups defined by a project: the team or the admins. This ace requires the following additional attributes:

  • project: The name of the project being given access.
  • projectId: The id of the project being given access.
  • projectGroup: The group within the project being given access. Legal values are team or admins.

Legal values of permission are READ, EDIT, and OWNER.

projectAce example: 

<projectAce
        id="23"
        project="My Project 1"
        projectId="5"
        projectGroup="team"
        permission="EDIT"
        targetId="1772c0f3-dad1-4a0c-b702-d8393fdd0db9" />

The userAce is used to give access to an individual user. This ace adds the following attributes to the common ones:

  • username: The user being given access.
  • userId: The id of the user being given access.

Legal values of permission are READ, EDIT, and OWNER.

userAce example: 

<userAce
        id="109"
        username="Joe Smith"
        userId="340"
        permission="OWNER"
        targetId="1772c0f3-dad1-4a0c-b702-d8393fdd0db9" />

The worldAce is used to give access to all non-guest users. It does not require additional attributes.

Legal values of permission are NONE, READ, and EDIT.

worldAce example: 

<worldAce
        id="5"
        permission="READ"
        targetId="1772c0f3-dad1-4a0c-b702-d8393fdd0db9" />

List a dataset's aces (dev)

See the Datasets resource.

Add an ace (dev)

POST /services/aces

Example request body: 

<userAce
        username="Joe Smith"
        userId="340"
        permission="OWNER"
        targetId="1772c0f3-dad1-4a0c-b702-d8393fdd0db9" />

Example response body: 

<userAce
        id="109"
        username="Joe Smith"
        userId="340"
        permission="OWNER"
        targetId="1772c0f3-dad1-4a0c-b702-d8393fdd0db9" />

When the creation succeeds an HTTP response code of 201 is returned and the Location header is set pointing to the newly created ace.

The service will return a response code of 400 in the following situations:

  • The user or project does not exist.
  • The value of permission is illegal for ace type.
  • There is no dataset with id equal to targetId.
  • The user or project group already has an ace for the given dataset. Use modify instead.
  • The request body has type worldAce. There is always exactly one world ace for a dataset so it does not need to be created. Use modify instead to change the world permission.

Modify an ace (dev)

PUT /services/aces/{ace id}

Only the permission field of an ace may be modified. If you want to revoke a user's or project group's access you should delete the ace.

The updated ace is returned in the response body.

Delete an ace (dev)

DELETE /services/ace/{ace id}
Back to manual

Updated