I’m trying to figure out the best way to make Knora API v2 deal consistently with resources and values that the user doesn’t have permission to see.
Currently, Gravsearch returns HTTP 200 and a ForbiddenResource for each resource that you don’t have permission to see. But everything else in API v2 returns either:
NotFoundException (HTTP 404): “One or more requested resources were not found (maybe you do not have permission to see them, or they are marked as deleted)”
If you request a resource containing values that you don’t have permission to see, those values are simply invisible.
If you request a resource containing a link to a resource that you don’t have permission to see, you get a link value containing only the target resource’s IRI, and no other information about the target resource.
This all seems inconsistent.
The idea of using HTTP 404, and hiding values, dates back to when we were trying to keep the user from finding out about the existence of things they don’t have permission to see. We decided to abandon that approach a few months ago (see Change in the way Gravsearch results are filtered according to permissions):
the purpose of permissions on resources and values is to respect copyright, not to protect privacy.
Therefore, issue #1543 says:
If you request two resources from /v2/resources, and you only have permission to see one of them, you should get one resource and one
Also, #1521 changed Gravsearch so that if you don’t have permission to see a dependent resource, you get a link value with just the target resource’s IRI. This is also what /v2/resources does. It would be more consistent to use ForbiddenResource for the dependent resource, too.
I started work on this in #1615. Thinking about it some more, I wonder if it would also make sense to create a ForbiddenValue and return it for each value that the user doesn’t have permission to see. Then the user would always know that there’s something there that they don’t have access to, whether it’s a resource or a value. Then they could ask someone for access to it.
Does anyone have an opinion about this?
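
The behaviour proposed in the post above, as an added example that is not part of the original post and is not Knora code: every forbidden resource, link target or value is replaced by a placeholder carrying only its IRI, so nothing is silently dropped and no protected content leaks. The data model, dictionary shapes, IRIs and user names are all assumptions made for illustration; only the names ForbiddenResource and ForbiddenValue come from the post.

```python
from dataclasses import dataclass, field
from typing import Optional

# Hypothetical in-memory model; not Knora's data model or response format.
@dataclass
class Value:
    iri: str
    content: str
    viewers: set                       # users allowed to see this value
    link_target: Optional[str] = None  # IRI of the linked resource, if a link value

@dataclass
class Resource:
    iri: str
    label: str
    viewers: set
    values: list = field(default_factory=list)

def placeholder(kind, iri):
    # Reveals that something exists and its IRI, nothing else.
    return {"type": kind, "iri": iri}

def view_target(store, iri, user):
    # Dependent (linked) resource: same rule as a top-level resource.
    target = store[iri]
    if user not in target.viewers:
        return placeholder("ForbiddenResource", iri)
    return {"type": "Resource", "iri": iri, "label": target.label}

def view_resource(store, iri, user):
    res = store[iri]  # a KeyError here models a resource that truly does not exist
    if user not in res.viewers:
        return placeholder("ForbiddenResource", iri)
    values = []
    for v in res.values:
        if user not in v.viewers:
            values.append(placeholder("ForbiddenValue", v.iri))
        elif v.link_target is not None:
            values.append({"type": "LinkValue", "iri": v.iri,
                           "target": view_target(store, v.link_target, user)})
        else:
            values.append({"type": "Value", "iri": v.iri, "content": v.content})
    return {"type": "Resource", "iri": iri, "label": res.label, "values": values}

def get_resources(store, iris, user):
    # One entry per requested IRI, in request order.
    return [view_resource(store, iri, user) for iri in iris]

# Constructed sample data: bob may see the book but not its note or the scan.
STORE = {
    "r:book": Resource("r:book", "Book", {"alice", "bob"}, [
        Value("v:title", "Title text", {"alice", "bob"}),
        Value("v:note", "Restricted note", {"alice"}),
        Value("v:link", "", {"alice", "bob"}, link_target="r:scan")]),
    "r:scan": Resource("r:scan", "Scanned page", {"alice"}),
}
```
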