API token permissions #1503

Description

@mzur

We should consider implementing a basic permission system for API tokens. Users can opt in to authorize only the following actions with a given token:

  • Create annotations
  • Edit annotations
  • Edit annotations of other users (for experts and admins)
  • Delete annotations
  • Delete annotations of other users (for experts and admins)

The authorization can happen in the policy classes, but how do we distinguish between a "user" and a "user using a specific token" in these classes?
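One way to model the question raised above, as an added sketch that is not part of the original issue or the project's code: the policy receives a principal that carries both the user and the token used for the request, and a token can only narrow what the user's role already allows. Python is used for illustration; all class, method and ability names are hypothetical, and it is an assumption that any authenticated user may create annotations.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

# The five actions listed in the issue, as hypothetical ability names.
CREATE, EDIT, EDIT_OTHERS, DELETE, DELETE_OTHERS = (
    "create", "edit", "edit-others", "delete", "delete-others")
ELEVATED_ROLES = {"expert", "admin"}  # roles that may touch others' annotations

@dataclass(frozen=True)
class ApiToken:
    # None means the user did not opt in: the token carries the user's full rights.
    abilities: Optional[FrozenSet[str]] = None

@dataclass(frozen=True)
class Principal:
    """A user plus the token (if any) that authenticated this request."""
    user_id: int
    role: str
    token: Optional[ApiToken] = None  # None means a session login without a token

    def token_allows(self, ability: str) -> bool:
        if self.token is None or self.token.abilities is None:
            return True
        return ability in self.token.abilities

@dataclass(frozen=True)
class Annotation:
    owner_id: int

class AnnotationPolicy:
    """Role check and token check must both pass, so a token never adds rights."""

    def create(self, p: Principal) -> bool:
        # Assumption: every authenticated user may create annotations.
        return p.token_allows(CREATE)

    def update(self, p: Principal, a: Annotation) -> bool:
        return self._check(p, a, EDIT, EDIT_OTHERS)

    def delete(self, p: Principal, a: Annotation) -> bool:
        return self._check(p, a, DELETE, DELETE_OTHERS)

    def _check(self, p: Principal, a: Annotation, own: str, others: str) -> bool:
        if a.owner_id == p.user_id:
            return p.token_allows(own)
        # Others' annotations need an elevated role AND a token that grants it.
        return p.role in ELEVATED_ROLES and p.token_allows(others)
```
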
