Create a plan how to deliver file-level permissions to Data API #85
Labels
Dataedge
Issue is related to Dataedge microservice
Filedatabase
Issue is related to Filedatabase microservice
htsget
These issues are related to htsget microservice
Comments
AlexanderSenf
added
Dataedge
|
I agree with what you say but there are 2 cases where I think it is different. The authentication is delegated to another service and I see permissions in the same way. In this case the external call to a server does not get any file information nor any files that are associated with a dataset. It is just a permission check to a server to see if the user that holds that token has permissions to access that file. Also the reason for the permissions check being in the dataedge is because that is where the permission check and is the network layer where it has access to the outside world. Also I think it will be used by more thatn one deployment. |
juhtornr
changed the title
|
Related issue #3 ... but not sure to what degree. |
|
@AlexanderSenf is this fixed by #122 ? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This is an important long-term issue. The addition of API calls to fetch file level permissions violates the architecture of the Data API. [I apologize for never really describing the architecture and its goals and motivations .. I will do that shortly!]
The correct way to resolve this issue is: remove any external API calls from data-edge as well as htsget; move that call to the filedatabase service; resolve it internally, but leave the htsget and data-edge implementation untouched.
One of the aims of the Data API architecture is to have a unified, simple, and small code base for all API-supported functionality, which can be deployed without changes at any node (including EBI). An architectural devision was made to outsource any interfaces with local infrastructure to a supporting microservice: in case of listing files per dataset, that is the filedatabase service. If a local site wants to fetch file information from an API rather than a database, the architecturally correct location is file-database. That way the main functionality-providing code (data-edge, htsget), can remain identical).
The reason is to keep the main components of the code as simple and universal as possible. There shouldn't be 'dead' code (only used by a single deployment) in the main part of the API, even if it is just an extra implementation class! The first aim should be to assess whether deviating/new code is really necessary; and secondly to externalize it into the appropriate sub-microservice (that is the reason file-database, and key, ... even exist: to externalize differences in deployment and environment and to unify and simplify the main code components) .
The text was updated successfully, but these errors were encountered: