Git Product home page Git Product logo

civicrm_tools's People

Contributors

colorfield avatar

Watchers

avatar avatar

Forkers

wadelson miloskroulik

civicrm_tools's Issues

Limit REST exposed data via configuration

Problem/motivation

The current implementation of the REST endpoint dedicated to users by group (/api/civicrm_tools/users/group/{group_id}) potentially exposes CiviCRM contacts as their Drupal user counterpart.
It must be reduced to what is necessary for a third party application.

There are two scopes

  • CiviCRM groups
  • User data

This is mitigated by the fact that

  • the CiviCRM contact must have a Drupal user account and must be part of a CiviCRM group to be exposed by the web service
  • the authenticated user that creates the request must have the 'view user information' permission.

Proposed resolution

A first naive approach is a per endpoint configuration to limit groups and fields.
A more sustainable approach could be a relation between entities (user, group, ...) and web service client(s).

User data that are exposed by default

                "uid": [{
			"value": "1"
		}],
		"uuid": [{
			"value": "xxx"
		}],
		"langcode": [{
			"value": "en"
		}],
		"preferred_langcode": [{
			"value": "en"
		}],
		"preferred_admin_langcode": [{
			"value": "en"
		}],
		"name": [{
			"value": "[email protected]"
		}],
		"mail": [{
			"value": "[email protected]"
		}],
		"timezone": [{
			"value": "Europe\/Brussels"
		}],
		"status": [{
			"value": "1"
		}],
		"created": [{
			"value": "1442908689"
		}],
		"changed": [{
			"value": "1527584362"
		}],
		"access": [{
			"value": "1528284678"
		}],
		"login": [{
			"value": "1528280397"
		}],
		"init": [{
			"value": "email address"
		}],
		"roles": [{
			"target_id": "administrator"
		}],
		"default_langcode": [{
			"value": "1"
		}],
		"metatag": [],
		"path": [{
			"pid": "1",
			"source": "\/user\/1",
			"alias": "\/user\/profile\/1",
			"langcode": "en"
		}],
		"content_translation_source": [{
			"value": "und"
		}],
		"content_translation_outdated": [{
			"value": "0"
		}],
		"content_translation_uid": [{
			"target_id": "0"
		}],
		"content_translation_status": [{
			"value": "1"
		}],
		"content_translation_created": [{
			"value": "1522826475"
		}],
		"user_picture": []

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.