CUBE users

[jennydaman]

Background

Currently, ChRIS backend (CUBE) users can be created:

• by calling Python code to create either a user or superuser
• create a user account by doing an unauthenticated POST request to api/v1/users/

User permissions can be managed only via the HTML web app /chris-admin/, there is no HTTP API for this.

"chris" user edge case

Many places in the code which consider a user with the username "chris" as having elevated privileges. e.g. https://github.com/FNNDSC/ChRIS_ultron_backEnd/blob/5d3c2e288528571677feb3fbc110d668de5ad164/chris_backend/uploadedfiles/permissions.py

In general, edge cases are a code smell and can have security implications. Due to the existence of the "chris" user, in the past we've had confusion and inconsistencies about what abilities users have.

Proposal

Implement a more sophisticated user permissions model, potential features being:

• role-based access control (e.g. to files, feeds, plugins)
• layered permissions model
• ability to generate API tokens and restrict tokens to access specific APIs, in either read or read-write mode

This system should supersede the "chris" username edge case.