Commit Graph

13 Commits

Author SHA1 Message Date
Sam
f4f5524190 FEATURE: user API now contains scopes so permission is granular
previously we supported blanket read and write for user API, this
change amends it so we can define more limited scopes. A scope only
covers a few routes. You can not grant access to part of the site and
leave a large amount of the information hidden to API consumer.
2016-10-14 16:05:42 +11:00
Sam
e6fcaadd45 FIX: redirects back to origin for SSO and omniauth login 2016-09-16 13:48:50 +10:00
Sam
2d859ba0ed FIX: user api should always be available to staff 2016-09-12 15:42:06 +10:00
Sam
1d281e02c7 id is optional if already specified in header 2016-09-02 17:08:46 +10:00
Sam
be0fd5b4cc FEATURE: allow user api key revocation for read only keys 2016-09-02 17:04:00 +10:00
Sam
ca79c4b276 stop eating up push_urls 2016-08-26 13:23:06 +10:00
Sam
691f739f11 better error handling
push notifications imply read access, no need for a special permission
2016-08-23 16:48:00 +10:00
Sam
79c1d3459b line was there twice 2016-08-17 17:03:48 +10:00
Sam
91b72936c4 Normalize away a requested push if for some reason we can not push there 2016-08-17 16:44:38 +10:00
Sam
a25a8115e8 FEATURE: support HEAD request to /user-api-key/new
This allows us to cleanly sniff to find if it exists
2016-08-17 09:58:19 +10:00
Sam
416e7e0d1e FEATURE: basic UI to view user api keys 2016-08-16 17:06:52 +10:00
Sam
b7cea24d76 FEATURE: more user API flow, support key creation 2016-08-16 17:06:52 +10:00
Sam
fc095acaaa Feature: User API key support (server side implementation)
- Supports throttled read and write
- No support for push yet, but data is captured about intent
2016-08-15 17:59:36 +10:00