Add decicated oauth scopes for cedar metadta templates & records

cslzchen · Jan 22, 2024 · 923bea8 · 923bea8
1 parent 5da6cd4
commit 923bea8
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 5 deletions.
diff --git a/api/cedar_metadata_records/views.py b/api/cedar_metadata_records/views.py
@@ -30,8 +30,8 @@ class CedarMetadataRecordList(JSONAPIBaseView, ListCreateAPIView, ListFilterMixi
         drf_permissions.IsAuthenticatedOrReadOnly,
         base_permissions.TokenHasScope,
     )
-    required_read_scopes = [CoreScopes.ALWAYS_PUBLIC]
-    required_write_scopes = [CoreScopes.NODE_BASE_WRITE, CoreScopes.NODE_FILE_WRITE, CoreScopes.NODE_REGISTRATIONS_WRITE]
+    required_read_scopes = [CoreScopes.CEDAR_METADATA_RECORD_READ]
+    required_write_scopes = [CoreScopes.CEDAR_METADATA_RECORD_WRITE]
 
     serializer_class = CedarMetadataRecordsCreateSerializer
     parser_classes = (JSONAPIMultipleRelationshipsParser, JSONAPIMultipleRelationshipsParserForRegularJSON, )
@@ -56,8 +56,8 @@ class CedarMetadataRecordDetail(JSONAPIBaseView, RetrieveUpdateDestroyAPIView):
         drf_permissions.IsAuthenticatedOrReadOnly,
         base_permissions.TokenHasScope,
     )
-    required_read_scopes = [CoreScopes.NODE_BASE_READ, CoreScopes.NODE_FILE_READ, CoreScopes.NODE_REGISTRATIONS_READ]
-    required_write_scopes = [CoreScopes.NODE_BASE_WRITE, CoreScopes.NODE_FILE_WRITE, CoreScopes.NODE_REGISTRATIONS_WRITE]
+    required_read_scopes = [CoreScopes.CEDAR_METADATA_RECORD_READ]
+    required_write_scopes = [CoreScopes.CEDAR_METADATA_RECORD_WRITE]
 
     serializer_class = CedarMetadataRecordsSerializer
 

diff --git a/api/cedar_metadata_templates/views.py b/api/cedar_metadata_templates/views.py
@@ -19,7 +19,7 @@ class CedarMetadataTemplateList(JSONAPIBaseView, generics.ListAPIView, ListFilte
         drf_permissions.IsAuthenticatedOrReadOnly,
         base_permissions.TokenHasScope,
     )
-    required_read_scopes = [CoreScopes.ALWAYS_PUBLIC]
+    required_read_scopes = [CoreScopes.CEDAR_METADATA_RECORD_READ]
     required_write_scopes = [CoreScopes.NULL]
 
     serializer_class = CedarMetadataTemplateSerializer

diff --git a/framework/auth/oauth_scopes.py b/framework/auth/oauth_scopes.py
@@ -160,6 +160,9 @@ class CoreScopes(object):
 
     WAFFLE_READ = 'waffle_read'
 
+    CEDAR_METADATA_RECORD_READ = 'cedar_metadata_record_read'
+    CEDAR_METADATA_RECORD_WRITE = 'cedar_metadata_record_write'
+
     NULL = 'null'
 
     # NOTE: Use with extreme caution.
@@ -316,6 +319,7 @@ class ComposedScopes(object):
                 + PREPRINT_ALL_READ\
                 + GROUP_READ\
                 + (
+                    CoreScopes.CEDAR_METADATA_RECORD_READ,
                     CoreScopes.MEETINGS_READ,
                     CoreScopes.INSTITUTION_READ,
                     CoreScopes.SEARCH,
@@ -336,6 +340,7 @@ class ComposedScopes(object):
                  + PREPRINT_ALL_WRITE\
                  + GROUP_WRITE\
                  + (
+                     CoreScopes.CEDAR_METADATA_RECORD_WRITE,
                      CoreScopes.WRITE_COLLECTION_SUBMISSION_ACTION,
                      CoreScopes.WRITE_COLLECTION_SUBMISSION
                  )