Issue
POST /users/{pcgl_id} and DELETE /users/{pcgl_id}/study/{study_id} endpoint currently requires bearer authentication and is restricted to user tokens only.
Why
Currently in DACO, an admin user is required to add a study to users authorizations which requires us to manually remove/add studies:
- We want to be able to have a registered service be able to do this on behalf of a user so we are not reliant on manually adding/remove study access permissions. (eg... if a non-admin user has access to a study, but wishes to close the application, they are self revoking themselves from the study so our registered service will revoke that study from the users authorizations for them so they do not need admin level permissions)
Requested behavior:
Allow registered services to call these endpoints using service authentication so that the service can perform these operations on behalf of users without requiring individual user tokens.
|
/user/{pcgl_id}/study/{study_id}: |
Issue
POST /users/{pcgl_id}andDELETE /users/{pcgl_id}/study/{study_id}endpoint currently requires bearer authentication and is restricted to user tokens only.Why
Currently in DACO, an admin user is required to add a study to users authorizations which requires us to manually remove/add studies:
Requested behavior:
Allow registered services to call these endpoints using service authentication so that the service can perform these operations on behalf of users without requiring individual user tokens.
pcgl-authz/app/src/authz_openapi.yaml
Line 314 in 9821f7c
pcgl-authz/app/src/authz_openapi.yaml
Line 271 in 9821f7c