git.arvados.org - arvados.git/commit
2044: Non-admins get all users' basic info from index API.
author Brett Smith <brett@curoverse.com>
Mon, 7 Jul 2014 15:01:30 +0000 (11:01 -0400)
committer Brett Smith <brett@curoverse.com>
Mon, 14 Jul 2014 19:10:33 +0000 (15:10 -0400)
commit be6e47b1274d4b4e80afe51593222f99d90bac66
tree 2d136267ef1031bf6d38018a223d79497fbe6c2a
parent 56303d3c734fa0ed9d5f077aac60b97596506efc

This will support a Workbench feature to let users at the same site
share projects with each other.  Adding kind to index requests with
select parameters is necessary to help Workbench understand the
result.

There was extensive discussion on IRC about whether or not e-mail
addresses should be included in this information.  We toyed with ideas
like providing an e-mail address checksum, so that you could find
exact but not partial matches.  Ultimately I decided that none of
those measures were worth the hassle, because the domain of addresses
at any given site would be small enough that they would easily be
discoverable through brute force.
services/api/app/controllers/application_controller.rb
services/api/app/controllers/arvados/v1/users_controller.rb
services/api/test/functional/arvados/v1/users_controller_test.rb
services/api/test/integration/permissions_test.rb
services/api/test/integration/select_test.rb
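
The commit message's reasoning about e-mail checksums, as an added example that is not part of this commit or of the Arvados code base: it shows why publishing a checksum in place of each address hides little when the site's address space is small. The checksum scheme (SHA-256 of the lowercased address), the domain, the user rows and the candidate-name list are all constructed assumptions.

```ruby
require 'digest'

# Hypothetical checksum scheme: SHA-256 over the trimmed, lowercased address.
def email_checksum(address)
  Digest::SHA256.hexdigest(address.strip.downcase)
end

# Constructed sample of what an index response would expose if it carried a
# checksum instead of the address itself (uuids and addresses are made up).
SITE_DOMAIN = 'example.org'
PUBLISHED = [
  { uuid: 'user-0001', email_checksum: email_checksum('alice.ng@example.org') },
  { uuid: 'user-0002', email_checksum: email_checksum('bkumar@example.org') },
  { uuid: 'user-0003', email_checksum: email_checksum('x7q-lab-robot@example.org') }
].freeze

# Expand names into the handful of local-part conventions a site tends to use.
# The candidate space is tiny: a few patterns times the number of people.
def candidate_addresses(people, domain)
  people.flat_map do |first, last|
    f = first.downcase
    l = last.downcase
    ["#{f}.#{l}", "#{f[0]}#{l}", "#{f}#{l[0]}", f, l].map { |lp| "#{lp}@#{domain}" }
  end.uniq
end

# Exact-match lookup is all the checksum was meant to allow, and it is also
# all that is needed to map every guessable address back to its user.
def recover(published, candidates)
  table = candidates.to_h { |addr| [email_checksum(addr), addr] }
  published.to_h { |row| [row[:uuid], table[row[:email_checksum]]] }
end

if __FILE__ == $PROGRAM_NAME
  names = [%w[Alice Ng], %w[Bala Kumar]] # constructed: names any colleague knows
  recover(PUBLISHED, candidate_addresses(names, SITE_DOMAIN)).each do |uuid, addr|
    puts "#{uuid}: #{addr || '(not in candidate set)'}"
  end
end
```

Only the address that follows no naming convention stays unmatched, which is the trade-off the commit message weighs against the cost of maintaining a checksum field.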