Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

Implementation design call on 19th July 9-10:30 am

Attended by - Rayulu, Mahesh, Kartheek, Kamesh, Bharat, Aayush, Saket

(Capturing all the details from the call here)

Phase 1 - Allow creation of Private content + Searching and Reading of Private content

Phase 2 - Allow conversion of Private content to Public Content

In 4.2 - These 2 phases will be done

Phase 3 - Allow conversion of Public content to be Private <Use case for this needs to be defined, before considering development>

Resource needed - Java Scala

Public Search API

  1. In the current behavior, it also returns private content, if specifically asked for it. One change that needs to be done is to limit this behavior to stop returning Private content and only public content should be returned

Private Search API

  1. Copy of the public search API. with the relaxation of returning Private + Public content.

  2. Restricting private content access:

    1. API Token-based access, to call the Private APIs, API tokens will be needed.

  3. Restricting content within the organization/tenant

    1. User token is also needed along with API token while making the API call - Based on User’s organization/channel private data will be shared

    2. In the case of external apps calling the private API → The API token can be linked to a channel

  4. When a private API call is made

    1. User token is checked for org/channel

    2. Channel details if added by Kong is checked (based on API token)

    3. If the channel is not found → then the access is restricted as unauthorized access

(Similar implementation is already done for Data Exhaust)

Complexity:

  1. The above approach restricts the searching and accessing of content only within the tenant organization and not across organizations.
    For example - there is a question creation organization called Akshara which creates questions/ question papers. How can they get access to the private content?

  2. How will be the behavior for the Sourcing - Since there is no channel defined for the content till it is published

Read API behavior:

Read → Shows last published content only, if not published returns no value

Read with mode edit → Returns WIP content

  • No labels