We are planning to use DHIS OAuth in our application.
We want to make API calls to view/add/update/delete the events, programs, dataSets, dataValues etc. For this we want to figure out minimum list of authorities so that access token generated from the user’s login detail should be able to make api calls.
Requirement :
We require a user login that can make api calls to fetch data, but they should not be able to update data directly through DHIS.
**What we tried : **
We tried to assign selective authorities to the particular user role and we have following observation :
When we assign no authorities to the user role, and make api call for events we got below response
When we assign the authority ‘ALL’ to the user role, and make api call for events we were able to get all the events. This also enables the user to make update data directly from DHIS.
When we assign all authorities except ‘ALL’ to the user role, and make api call for events we got the same response as above.
Could you please help us to figure out the minimum authority to make API calls?
We are planning to use DHIS OAuth in our application.
We want to make API calls to view/add/update/delete the events, programs, dataSets, dataValues etc. For this we want to figure out minimum list of authorities so that access token generated from the user’s login detail should be able to make api calls.
Requirement :
We require a user login that can make api calls to fetch data, but they should not be able to update data directly through DHIS.
**What we tried : **
We tried to assign selective authorities to the particular user role and we have following observation :
When we assign no authorities to the user role, and make api call for events we got below response
When we assign the authority ‘ALL’ to the user role, and make api call for events we were able to get all the events. This also enables the user to make update data directly from DHIS.
When we assign all authorities except ‘ALL’ to the user role, and make api call for events we got the same response as above.
Could you please help us to figure out the minimum authority to make API calls?
This sounds like a bug to me (seems we are not properly filtering the paging component of the result). Would you mind filing a issue at jira.dhis2.org ? (if you have already, please let me know the issue number)
We are planning to use DHIS OAuth in our application.
We want to make API calls to view/add/update/delete the events, programs, dataSets, dataValues etc. For this we want to figure out minimum list of authorities so that access token generated from the user’s login detail should be able to make api calls.
Requirement :
We require a user login that can make api calls to fetch data, but they should not be able to update data directly through DHIS.
**What we tried : **
We tried to assign selective authorities to the particular user role and we have following observation :
When we assign no authorities to the user role, and make api call for events we got below response
When we assign the authority ‘ALL’ to the user role, and make api call for events we were able to get all the events. This also enables the user to make update data directly from DHIS.
When we assign all authorities except ‘ALL’ to the user role, and make api call for events we got the same response as above.
Could you please help us to figure out the minimum authority to make API calls?
Thanks for your reply. We have raised jira ticket. Please have a look.
···
On Thu, Aug 16, 2018 at 1:36 PM, Morten Olav Hansen morten@dhis2.org wrote:
Hi
This sounds like a bug to me (seems we are not properly filtering the paging component of the result). Would you mind filing a issue at jira.dhis2.org ? (if you have already, please let me know the issue number)
We are planning to use DHIS OAuth in our application.
We want to make API calls to view/add/update/delete the events, programs, dataSets, dataValues etc. For this we want to figure out minimum list of authorities so that access token generated from the user’s login detail should be able to make api calls.
Requirement :
We require a user login that can make api calls to fetch data, but they should not be able to update data directly through DHIS.
**What we tried : **
We tried to assign selective authorities to the particular user role and we have following observation :
When we assign no authorities to the user role, and make api call for events we got below response
When we assign the authority ‘ALL’ to the user role, and make api call for events we were able to get all the events. This also enables the user to make update data directly from DHIS.
When we assign all authorities except ‘ALL’ to the user role, and make api call for events we got the same response as above.
Could you please help us to figure out the minimum authority to make API calls?