
(Capturing all the details from the call here)

Phase 1 - Allow creation of Private content + Searching and Reading of Private content

Phase 2 - Allow conversion of Private content to Public Content

Both of these phases will be done in 4.2.

Phase 3 - Allow conversion of Public content to Private <Use case for this needs to be defined before considering development>

Resources needed - Java, Scala


Public Search API

  1. In the current behavior, the API also returns private content if specifically asked for it. This needs to change: the public API must stop returning Private content, and only public content should be returned.

Private Search API

  1. Copy of the public search API, with the relaxation that it returns Private + Public content.

  2. Restricting private content access:

    1. API token-based access: API tokens will be needed to call the Private APIs.

  3. Restricting content within the organization/tenant

    1. A user token is also needed along with the API token when making the API call. Private data will be shared based on the user's organization/channel.

    2. In the case of external apps calling the private API → The API token can be linked to a channel

  4. When a private API call is made

    1. The user token is checked for org/channel

    2. Channel details, if added by Kong, are checked (based on the API token)

    3. If the channel is not found → access is restricted as unauthorized access

(Similar implementation is already done for Data Exhaust)
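The check sequence in item 4 and the public/private split above, as an added example (not code from this page or the project). The function names, the `channel` claim, the `visibility` field and the refusal on conflicting channels are assumptions; both tokens are assumed to have been validated upstream by the gateway.

```python
from dataclasses import dataclass
from typing import List, Optional


class Unauthorized(Exception):
    """No channel could be established for a private API call."""


@dataclass(frozen=True)
class Content:
    identifier: str
    channel: str      # owning organization/channel (assumed field)
    visibility: str   # "Public" or "Private" (assumed values)


def resolve_channel(user_claims: Optional[dict], gateway_channel: Optional[str]) -> str:
    """Channel from the user token, else the one the gateway attached for the API token."""
    user_channel = (user_claims or {}).get("channel")
    if user_channel and gateway_channel and user_channel != gateway_channel:
        # Assumption: conflicting channels are refused; the notes do not cover this case.
        raise Unauthorized("user token and API token map to different channels")
    channel = user_channel or gateway_channel
    if not channel:
        raise Unauthorized("channel not found")
    return channel


def public_search(catalog: List[Content]) -> List[Content]:
    """Public Search API: private content is never returned."""
    return [c for c in catalog if c.visibility == "Public"]


def private_search(catalog, user_claims=None, gateway_channel=None) -> List[Content]:
    """Private Search API: public content plus the caller's own channel's private content."""
    channel = resolve_channel(user_claims, gateway_channel)
    return [c for c in catalog if c.visibility == "Public" or c.channel == channel]


# Constructed sample data
CATALOG = [
    Content("c1", "org-a", "Public"),
    Content("c2", "org-a", "Private"),
    Content("c3", "org-b", "Private"),
]

if __name__ == "__main__":
    print([c.identifier for c in private_search(CATALOG, {"channel": "org-a"})])
```

Filtering by the resolved channel on the server side is what keeps one tenant's private content out of another tenant's results; a client-supplied filter alone would not.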

Complexity:

  1. The above approach restricts searching and accessing of content to within the tenant organization only, not across organizations.
    For example - there is a question creation organization called Akshara which creates questions/question papers. How can they get access to the private content?

  2. What will the behavior be for Sourcing, since no channel is defined for the content until it is published?

Read API behavior:

Read → Shows the last published content only; if the content is not published, returns no value

Read with mode edit → Returns WIP content
