Closed Bug 1011227 Opened 10 years ago Closed 9 years ago

Reviewed API keys have "mozillians"-level access to user fields

Categories

(Participation Infrastructure :: Phonebook, defect)

Product:
Participation Infrastructure
Component:
Phonebook
Version:
2015-2.3
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
VERIFIED FIXED

People

(Reporter: hoosteeno, Unassigned)

References

Details

(Whiteboard: [kb=1635111] ) 

When we undertake bug 1011209, we'll create a mechanism for any vouched user of Mozillians.org to get an API key that can access the API with "public"-level access (bug 1011220). We'll also have a class of keys that can access the API with "mozillians"-level access. These keys will have access to information that users of the platform have shared only inside the network. Therefore, they will be subject to greater scrutiny and must meet higher standards. The working name for this class of keys is "reviewed".

API users with a reviewed key can request data from any API resource and get a complete list of matching records in response, including fields on user records marked as both "public" and "mozillians".
Clarification: 

Reviewed API keys may get "mozillians" OR greater access. E.g. some keys can get "privileged" access. The level of access will be decided by the reviewers and the application needs.
Whiteboard: [kb=1635111]
Merged here: https://github.com/mozilla/mozillians/pull/1152

At the moment this can be done in /admin
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Version: other → next
Status: RESOLVED → VERIFIED
Version: next → 2015-2.3
You need to log in before you can comment on or make changes to this bug.