TG-auth* API (crud)

registerResource

Registers a resource in the database. Assigns standard permissions to roles in project:

Role Right on Resource
Projektleiter (project leader) delegate, publish
Administrator delete
Bearbeiter (editor) read, write
Beobachter (observer) read

These permissions can be adapted afterwards. User needs create right on project resource, see createProject().

This function is only for use by TG-crud. Clients should call TG-crud#create() instead.

  • Input Parameters registerResorceRequest, with elements
    • auth - String, SessionID of future owner of this resource
    • log - String for log information, optional
    • secret - String known by TG-crud to authenticate itself
    • project - String with project ID, such as “TGPR123”
    • uri - String holding URI of TgObject resource to be registered in RBAC
  • Output Parameters operationsSetResponse, with element
    • operation (0..n) Strings with permissible operations on the newly created resource
  • Faults
    • authenticationFault
    • rbacFault - if resource could not be registered successfully

unregisterResource

Removes resource from database. User needs delete right on resource. Only for use by TG-crud. Clients should call TG-crud#delete() instead.

  • Input Parameters unregisterResourceRequest, with elements
    • auth - String, SessionID of requester
    • log - String for log information, optional
    • secret - String known by TG-crud to authenticate itself
    • uri - String holding URI of TgObject resource to be removed from RBAC
  • Output Parameters booleanResponse, with element
    • result - boolean, true if operation was successful, false otherwise
  • Faults
    • unknownResourceFault
    • authenticationFault

tgCrudCheckAccess

Returns access decision for given operation on given resource for session. In addition the owner of the session and informations on the project is returned. Only for use by TG-crud.

  • Input Parameters tgCrudCheckAccessRequest, with elements
    • auth - String, SessionID of user (or service) that wants to intitiate the check
    • log - String for log information, optional
    • secret - String known by TG-crud to authenticate itself
    • sid - String, SessionID of user for whom the check is to be done. Leave empty if check is to be done for user’s own session given under auth
    • operation - String, such as “read”, “write”
    • resource - String, name of project or role, or URI of TgObject resource
  • Output Parameters tgCrudCheckAccessResponse, with elements
    • public
    • project
    • username
    • operation
  • Faults
    • unknownResourceFault

putCRT

Puts the signed Certificate into the RBAC’s accompanying daemon that holds the key.

  • Input Parameters putCRTRequest, with elements
    • auth - String, SessionID of user
    • log - String for log information, optional
    • crt - the Certificate as a String
  • Output Parameters putCRTResponse, with element
    • success, Boolean
  • Faults
    • authenticationFault
    • unknownResourceFault

getEPPN

Returns ePPN (aka TextGrid ID) of authenticated user. As this function could be used for SID guessing, the caller must know a secret.

  • Input Parameters getEPPNRequest, with elements
    • auth - String, SessionID of user that wants to query his ePPN
    • log - String for log information, optional
    • secret - String known by TG-crud to authenticate itself
  • Output Parameters getEPPNResponse, with element
    • eppn - String, ePPN of user
  • Faults
    • authenticationFault

getUUID

Returns UUID (full path including server address) of the resource. User must have read permission on the resource, or resource must be public.

  • Input Parameters getUUIDRequest, with elements
    • auth - String, SessionID of user that wants to query for the UUID
    • log - String for log information, optional
    • secret - String known by TG-crud to authenticate itself
    • resource - String, URI of TgObject
  • Output Parameters getUUIDResponse, with element
    • uuid - String, UUID if defined
  • Faults
    • authenticationFault

publish

Sets the isPublic flag of a TextGridObject identified by its URI to TRUE. The resource will then be world-readable. This is irreversible (only by manual modification of the database) and needs the publish right, which by default is granted to project leaders.

  • Input Parameters publishRequest, with elements
    • auth - String, SessionID of user that wants publish
    • log - String for log information, optional
    • secret - String known by TG-crud to authenticate itself
    • resource - String, URI of TgObject
  • Output Parameters booleanResponse, with element
    • result - boolean, true if operation was successful, false otherwise
  • Faults
    • authenticationFault

getSLC

CRUD may use this to retrieve a Short-Lived Certificate Key pair in PEM format for the user.

  • Input Parameters getSLCRequest, with elements
    • auth - String, SessionID of user
    • log - String for log information, optional
    • secret - String known by TG-crud to authenticate itself
  • Output Parameters getSLCResponse, with element
    • slc - Base64binary String with the key pair. Contains only printable ASCII Character.
  • Faults
    • authenticationFault
    • unknownResourceFault

nearlyPublish

  • Input Parameters nearlyPublishRequest, with elements
    • auth - String, SessionID of user
    • log - String for log information, optional
    • secret - String known by TG-crud to authenticate itself
    • resource - String, URI of TgObject
  • Output Parameters booleanResponse, with element
    • result - boolean, true if operation was successful, false otherwise
  • Faults
    • authenticationFault
    • unknownResourceFault

getCSR

The Portal may use this to retrieve a Dummy Certificate Signing Request (CSR) in PEM format, for which the RBAC’s accompanying daemon will hold the real key.

  • Input Parameters getCSRRequest, with elements
    • auth - String, SessionID of user
    • log - String for log information, optional
  • Output Parameters getCSRResponse, with element
    • csr - Base64binary String with the CSR. Contains only printable ASCII Character
  • Faults
    • authenticationFault
    • unknownResourceFault