# OpenAPI 3.0 document header for the PCGL authorization service.
openapi: 3.0.0
info:
  title: PCGL Authorization Service
  description: API for determining authorization in PCGL
  version: v1.0.0
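# Routes of the PCGL authorization service.
#
# Response codes are written as quoted strings ('200'), as OpenAPI requires
# for compatibility between YAML and JSON.
#
# NOTE(review): no `security` requirement and no `components.securitySchemes`
# appear in this document, so the spec does not state who may call the
# state-changing routes (POST/DELETE under /service, /study and /user).
# Presumably the handlers authenticate callers themselves; confirm, and
# declare the scheme here so it can be reviewed and checked by tooling.
# NOTE(review): only 200 responses are declared; error responses such as
# 401/403/404 are not described.
# NOTE(review): every path parameter is an unconstrained string (no `pattern`
# or `maxLength`); confirm the handlers validate these IDs before use.
paths:
  /service-info:
    get:
      summary: Retrieve information about this service
      # The original text said "ingest service"; this document describes the
      # authorization service.
      description: Returns information about the authorization service
      operationId: authz_operations.get_service_info
      responses:
        '200':
          description: Retrieve info about the authorization service
          content:
            application/json:
              schema:
                type: object

  /group/{group_id}:
    parameters:
      - in: path
        name: group_id
        schema:
          type: string
        required: true
    get:
      summary: List users in group_id
      description: List users in group_id
      operationId: authz_operations.list_group
      responses:
        '200':
          description: Success
          content:
            application/json:
              schema:
                type: array
                items:
                  type: string
                  description: user_ids

  /service:
    get:
      summary: List registered services
      operationId: authz_operations.list_services
      responses:
        '200':
          description: Success
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/ServiceRegistration'
    post:
      summary: Register service in authorization system
      operationId: authz_operations.add_service
      requestBody:
        $ref: '#/components/requestBodies/ServiceRegistrationRequest'
      responses:
        '200':
          description: Success

  /service/{service_id}:
    parameters:
      - in: path
        name: service_id
        schema:
          type: string
        required: true
    get:
      summary: Get registered service
      operationId: authz_operations.get_service
      responses:
        '200':
          description: Success
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ServiceRegistration'
    delete:
      summary: Remove registered service
      operationId: authz_operations.remove_service
      responses:
        '200':
          description: Success

  /study:
    post:
      summary: Add authorization information for a study
      description: Add authorization information for a study
      operationId: authz_operations.add_study_authorization
      requestBody:
        $ref: '#/components/requestBodies/StudyAuthorizationRequest'
      responses:
        '200':
          description: Success
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/StudyAuthorization'
    get:
      summary: List registered studies
      description: List studies authorized on server
      operationId: authz_operations.list_study_authorizations
      responses:
        '200':
          description: Success
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/StudyAuthorization'

  /study/{study_id}:
    parameters:
      - in: path
        name: study_id
        schema:
          type: string
        required: true
    get:
      summary: Get authorization information for a study
      description: Get authorization information for a study
      operationId: authz_operations.get_study_authorization
      responses:
        '200':
          description: Success
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/StudyAuthorization'
    delete:
      description: Delete a study
      operationId: authz_operations.remove_study
      responses:
        '200':
          description: Success
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/StudyAuthorization'

  /user/{user_id}/study:
    parameters:
      - in: path
        name: user_id
        schema:
          type: string
        required: true
    get:
      summary: List study authorizations
      description: List study authorizations for a user
      operationId: authz_operations.list_studies_for_user
      responses:
        '200':
          description: Success
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/DACAuthorization'
    post:
      summary: Add a study authorization for a user
      description: Authorize a study for a user (or update a study auth for a user)
      operationId: authz_operations.authorize_study_for_user
      requestBody:
        $ref: '#/components/requestBodies/DACAuthorizationRequest'
      responses:
        '200':
          description: Success
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/DACAuthorization'

  /user/{user_id}/study/{study_id}:
    parameters:
      - in: path
        name: user_id
        schema:
          type: string
        required: true
      - in: path
        name: study_id
        schema:
          type: string
        required: true
    get:
      summary: Is a user authorized for a study?
      description: Is a user authorized for a study?
      operationId: authz_operations.get_study_for_user
      responses:
        '200':
          description: Success
          content:
            application/json:
              schema:
                type: boolean
    delete:
      summary: Remove a study authorization for a user
      description: Remove a study for a user
      operationId: authz_operations.remove_study_for_user
      responses:
        '200':
          description: Success
          content:
            application/json:
              schema:
                type: object

  /allowed:
    post:
      summary: Is the authorized user allowed to perform the requested action?
      # The original description was copied from POST /user/{user_id}/study;
      # this operation takes an action plus study IDs and returns a boolean.
      description: Check whether the authorized user may perform the requested action for the given studies
      operationId: authz_operations.is_allowed
      requestBody:
        $ref: '#/components/requestBodies/ActionAuthorizationRequest'
      responses:
        '200':
          description: Success
          content:
            application/json:
              schema:
                type: boolean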
# Reusable request bodies and schemas referenced from the path definitions.
components:
  # NOTE(review): none of these request bodies sets `required: true`, and
  # OpenAPI 3.0 treats a request body as optional by default, so a request
  # with no body passes spec-level validation. Confirm the handlers reject it.
  requestBodies:
    ServiceRegistrationRequest:
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ServiceRegistration'
    StudyAuthorizationRequest:
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/StudyAuthorization'
    DACAuthorizationRequest:
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/DACAuthorization'
    # Body of an authorization check: one action plus the study IDs it targets.
    # NOTE(review): no `required` list is given, so an empty object validates;
    # confirm how the handler treats a missing action or missing studies.
    ActionAuthorizationRequest:
      content:
        application/json:
          schema:
            type: object
            properties:
              action:
                $ref: '#/components/schemas/Action'
              studies:
                type: array
                description: IDs of the studies for which authorization is being requested
                items:
                  type: string

  schemas:
    # A service and the actions that count as read or edit access on it.
    ServiceRegistration:
      type: object
      description: PCGL service and its authorizable actions.
      properties:
        service_id:
          type: string
          description: ID of service
        readable:
          type: array
          description: Actions that allow a user to read data
          items:
            $ref: '#/components/schemas/Action'
        editable:
          type: array
          description: Actions that allow a user to edit and delete data
          items:
            $ref: '#/components/schemas/Action'

    # Per-study role lists; creation_date is the only optional property.
    StudyAuthorization:
      type: object
      description: study and the researchers involved in this study
      properties:
        study_id:
          type: string
          description: name of the study
        study_curators:
          type: array
          description: list of users who are study curators for this study
          items:
            type: string
        team_members:
          type: array
          description: list of users who are original researchers for this study
          items:
            type: string
        # NOTE(review): plain string with no `format`; the expected date
        # syntax is not stated here. Confirm where it is parsed and validated.
        creation_date:
          type: string
          description: date study was created, for embargo purposes. This may or may not be the date of ingest.
      required:
        - study_id
        - study_curators
        - team_members

    # Time-boxed approval for one study; all three properties are required.
    # NOTE(review): start_date and end_date are plain strings with no
    # `format`, so the spec does not reject malformed or reversed ranges.
    # Confirm the handler validates them before granting access.
    DACAuthorization:
      type: object
      description: a DAC approval that authorizes a user to access a study for a specified date range
      properties:
        study_id:
          type: string
        start_date:
          type: string
        end_date:
          type: string
      required:
        - study_id
        - start_date
        - end_date

    # An endpoint path plus the operation requested on it.
    Action:
      type: object
      description: an action for which authorization is requested
      properties:
        endpoint:
          type: string
          description: path to an endpoint that performs the requested action
        # NOTE(review): UPDATE is not an HTTP method name; confirm whether
        # PUT or PATCH was intended and how such requests are authorized.
        method:
          type: string
          description: the operation to be performed
          enum:
            - GET
            - POST
            - UPDATE
            - DELETE
      required:
        - endpoint
        - method