Date: Mon, 02 Dec 2024 13:08:27 +0100
Message-ID: <87iks2jnic.wl-jch@irif.fr>
From: Juliusz Chroboczek
To: Marty Betz
CC: galene@lists.galene.org
Subject: [Galene] Re: Admin group creation

Hello,

> In particular I tried to create a group using PUT method with JSON body and it
> works fine for simple groups

Good.

> But if I include a "users" list or a "wildcard-user" value, it fails with a
> "description is not sanitized" error.

Right.  That's by design.

> Why is this "sanitized" check existing in UpdateDescription().

The API splits the group description into two parts:

  - the "sanitised" group description itself;
  - the users' database.

Every user, in turn, is split into two parts:

  - the user description;
  - the password.

So in order to create a group, you need to make 1 + 2n requests:

  - create the group:
      PUT /api/v0/.groups/groupname
  - for every user
    - create the user:
        PUT /api/v0/.groups/groupname/.users/username
    - set the password:
        PUT /api/v0/.groups/groupname/.users/username/.password

You use .wildcard-user for the wildcard user.

The main reason why I've used this organisation is that it makes
fine-grained access control possible: for example, a normal (non-admin)
user is allowed to change their own password, but they're of course not
allowed to change the rest of the group description.  Conversely, an admin
is allowed to change the group description, but they're not allowed to GET
a password.  (There are other advantages, but they're less important, so
I won't bore you with them here.)

The main drawback, of course, is that it makes some operations
inefficient.  For example, in order to display the list of users together
with their permissions, you need to do this:

    GET /api/v0/.groups/groupname/.users/
    for every user
        GET /api/v0/.groups/groupname/.users/username

(It also makes the operation non-atomic: if a user is deleted between the
first and the subsequent GET, then you'll unexpectedly get a 404 error.
Oh, well.)

If it becomes a problem in the future, I'll extend the API with operations
over collections, but until we gain more experience with the API, I'd
rather stick to simple operations only.

By the way: the main user of the API right now is the galenectl program,
which you'll find in the Galene sources.  Feel free to copy-paste code from
there.

I hope this helps,

-- Juliusz Chroboczek
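
The request sequence described in the message above, as an added example that is not part of the original message and is not Galene or galenectl code: it splits a full group description into the "sanitised" group PUT followed by a description PUT and a password PUT per user, without sending anything. `PlanGroup`, `Request` and the sample input are hypothetical; it assumes that each user entry keeps its password in a "password" member, that the wildcard user is addressed as `groupname/.wildcard-user`, and that bodies are passed through verbatim.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
)

type obj = map[string]json.RawMessage
type Request struct{ Method, Path, Body string } // planned call, never sent

// PlanGroup splits a full group description into the message's PUT sequence.
func PlanGroup(group string, full []byte) ([]Request, error) {
	var g obj
	var sub struct {
		Users    map[string]obj `json:"users"`
		Wildcard obj            `json:"wildcard-user"`
	}
	if err := json.Unmarshal(full, &sub); err != nil {
		return nil, err
	}
	json.Unmarshal(full, &g) // cannot fail: the same bytes parsed just above
	delete(g, "users")       // what is left is the "sanitised" description
	delete(g, "wildcard-user")
	base := "/api/v0/.groups/" + group
	body, _ := json.Marshal(g)
	plan := []Request{{"PUT", base, string(body)}}
	add := func(path string, u obj) {
		pw, hasPw := u["password"] // member name is an assumption
		delete(u, "password")
		desc, _ := json.Marshal(u)
		plan = append(plan, Request{"PUT", path, string(desc)})
		if hasPw { // the password always goes in its own request
			plan = append(plan, Request{"PUT", path + "/.password", string(pw)})
		}
	}
	for name, u := range sub.Users { // order among users does not matter
		add(base+"/.users/"+url.PathEscape(name), u)
	}
	if sub.Wildcard != nil {
		add(base+"/.wildcard-user", sub.Wildcard) // exact path is an assumption
	}
	return plan, nil
}

func main() {
	// Constructed sample input, not taken from the message.
	fmt.Println(PlanGroup("demo", []byte(`{"users":{"alice":{"password":"x"}}}`)))
}
```

Because the password is never part of the group or user body, each planned request can be authorised separately, which is the access-control property the message describes.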