dhis2-devs-core team mailing list archive

[Jason Pickering <jason.p.pickering@xxxxxxxxx>]

https://www.dhis2.org/doc/snapshot/en/implementer/html/ch08s03.html#d5e623

will show you how to make resources available.

Use with caution.

Regards,
Jason


On Thu, Apr 23, 2015 at 11:03 AM, Bob Jolliffe <bobjolliffe@xxxxxxxxx>
wrote:

> You could also facade it at the reverse web proxy ie. have a publicly
> accessable location which is a proxy for an upstream request to
> /api/organisationUnits etc which provides the required basic
> authentication hidden in the proxy configuration.
>
> On 23 April 2015 at 09:58, Bob Jolliffe <bobjolliffe@xxxxxxxxx> wrote:
> > On 23 April 2015 at 09:35, Rangarirai Matavire <matavirer@xxxxxxxxx>
> wrote:
> >> Thanks,
> >> Is it possible to create a user with no privileges?
> >
> > Well as little as possible ...
> >
> > Please check demo.dhis2.org.
> >
> > I just created a role called "metadata client" and assigned no
> > authorities to it.
> >
> > Then created a user called facility (password Facility1) with role
> > "metadata client".
> >
> > You can see that with these credentials you can't do much with the
> > application, but you *can* browse the api at
> > https://apps.dhis2.org/demo/api/ including the orgunits at
> > https://apps.dhis2.org/demo/api/organisationUnits.
> >
> > AFAIK that is the minimum level of access you can give an account, and
> > is sufficient to be able to export orgunits which is what you need.
> >
> > Unfortunately the user also has access to all sorts of other metadata
> > like charts, reports, user details which is really not ideal if all we
> > want to expose is an interface for an orgunit synchronisation..  Would
> > be preferable to be able to tie it down to just orgunits,
> > orgunitgroups (and sets) and levels.
> >
> > There are also other "standard" api like CSD and FRED, but for dhis2
> > synching you are best working with the native api.
> >
> > Cheers
> > Bob
> >
> >>
> >> On Thu, Apr 2, 2015 at 6:58 PM, Lars Helge Øverland <
> larshelge@xxxxxxxxx>
> >> wrote:
> >>>
> >>> Hi Bob,
> >>>
> >>> yes that is correct.
> >>>
> >>> You can read but of course not create org units without explicit
> >>> authority.
> >>>
> >>> For most objects we now have "sharing" applied, which means you could
> make
> >>> that meta-data private (hidden). We do not have sharing for org units
> due to
> >>> the nature of the hierarchy (would be problematic if some higher-level
> org
> >>> units were private/hidden).
> >>>
> >>> regards,
> >>>
> >>> Lars
> >>>
> >>>
> >>> On Thu, Apr 2, 2015 at 6:36 PM, Bob Jolliffe <bobjolliffe@xxxxxxxxx>
> >>> wrote:
> >>>>
> >>>> Hi
> >>>>
> >>>> I am struggling to find an required authority to create a user which
> >>>> has readonly access to the orgunits.
> >>>>
> >>>> Specifically I want to create an account for a facility registry type
> >>>> client who can read orgunits (+groups, levels, attributes) from the
> >>>> api - and no acces to anything else.  Am I missing something silly?
> >>>> The default seems to be If I create a user with no privileges
> >>>> whatsoever that user has access to the api metadata and resource
> >>>> endpoints.  Is that the way it is?
> >>>>
> >>>> Cheers
> >>>> Bob
> >>>>
> >>>> --
> >>>> Mailing list: https://launchpad.net/~dhis2-devs-core
> >>>> Post to     : dhis2-devs-core@xxxxxxxxxxxxxxxxxxx
> >>>> Unsubscribe : https://launchpad.net/~dhis2-devs-core
> >>>> More help   : https://help.launchpad.net/ListHelp
> >>>
> >>>
> >>
>
> --
> Mailing list: https://launchpad.net/~dhis2-devs-core
> Post to     : dhis2-devs-core@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~dhis2-devs-core
> More help   : https://help.launchpad.net/ListHelp
>



-- 
Jason P. Pickering
email: jason.p.pickering@xxxxxxxxx
tel:+46764147049