Feature #1401
closed
API: file access
Description
For another front end the images need to be available through the API. Since right now, images are only available to logged-in user, it created an extra path /api/display/, where the images are shown if api setting is on public.
Please share thoughts about that, I would like to add it to the new version.
A further feature would be at api settings, that admin/manager can control, if images are available if api is public.
Updated by Alexander Watzinger over 3 years ago
- Subject changed from API: Make linked images available to API: file access
- Status changed from New to Acknowledged
Good question. It works with the THANADOS (Flask) frontend because there authorization uses the functionality of the backend. My thoughts:
Images are not in the web root folder, so not available by default and that won't change.
We can implement that they are accessible if the API is public, I wouldn't make an extra option because either you have access to data (including file data) or not.
I generally don't want to get into the (quite possible) mess to allow API access on a per entity level basis but with files we could restrict access to files with a specified license. Luckily license is a standard type (the root type can't be deleted or renamed) but we may add a whitelist to further define which licenses are ok for public access.
Updated by Bernhard Koschiček-Krombholz over 3 years ago
We can implement that they are accessible if the API is public, I wouldn't make an extra option because either you have access to data (including file data) or not.
I implemented it this way. And there I have a reason to write manual text with sphinx....
Updated by Bernhard Koschiček-Krombholz over 3 years ago
Coding complete. To do: Code commentation of api_access, sphinx documentation and nosetests
Updated by Bernhard Koschiček-Krombholz over 3 years ago
- Status changed from Acknowledged to Closed
Updated by Alexander Watzinger over 3 years ago
- Target version changed from 6.0.0 to 5.6.0