Skip to content

Make POST and Delete /user/study endpoints accessible through registered services. #76

Description

@JamesTLopez

Issue

POST /users/{pcgl_id} and DELETE /users/{pcgl_id}/study/{study_id} endpoint currently requires bearer authentication and is restricted to user tokens only.

Why

Currently in DACO, an admin user is required to add a study to users authorizations which requires us to manually remove/add studies:

  • We want to be able to have a registered service be able to do this on behalf of a user so we are not reliant on manually adding/remove study access permissions. (eg... if a non-admin user has access to a study, but wishes to close the application, they are self revoking themselves from the study so our registered service will revoke that study from the users authorizations for them so they do not need admin level permissions)

Requested behavior:
Allow registered services to call these endpoints using service authentication so that the service can perform these operations on behalf of users without requiring individual user tokens.

/user/{pcgl_id}/study/{study_id}:

/user/{pcgl_id}:

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions