- Description has changed: Diff:
~~~~ --- old +++ new @@ -1 +1 @@ -We should be able to optionally assign a specific (named?) `ProjectRole` to a token to restrict its access level instead of always giving the full permissions of the user that created it. Since the token is currently used to set the user in the session, we'll need to override the `ProjectRole` returned for that user somehow, for the duration of the request. +We should be able to optionally assign a specific (named?) `ProjectRole` to an `OAuthAccessToken` to restrict its access level instead of always giving the full permissions of the user that created it. Since the token is currently used to set the user in the session, we'll need to override the `ProjectRole` returned for that user somehow, for the duration of the request. ~~~~ --- ** [tickets:#6846] OAuth improvement: reduce token rights** **Status:** open **Created:** Tue Nov 05, 2013 06:17 PM UTC by Cory Johns **Last Updated:** Tue Nov 05, 2013 06:17 PM UTC **Owner:** nobody We should be able to optionally assign a specific (named?) `ProjectRole` to an `OAuthAccessToken` to restrict its access level instead of always giving the full permissions of the user that created it. Since the token is currently used to set the user in the session, we'll need to override the `ProjectRole` returned for that user somehow, for the duration of the request. --- Sent from sourceforge.net because [email protected] is subscribed to https://sourceforge.net/p/allura/tickets/ To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/allura/admin/tickets/options. Or, if this is a mailing list, you can unsubscribe from the mailing list.
