27 |
27 |
========================= ================================
|
28 |
28 |
Revision Description
|
29 |
29 |
========================= ================================
|
30 |
|
0.8 (Jan 24, 2012) Update allowed versioning values.
|
|
30 |
0.8 (Feb 9, 2012) Update allowed versioning values.
|
31 |
31 |
\ Change policy/meta formatting in JSON/XML replies.
|
32 |
32 |
\ Document that all non-ASCII characters in headers should be URL-encoded.
|
33 |
33 |
\ Support metadata-based queries when listing objects at the container level.
|
... | ... | |
37 |
37 |
\ Note that ``/login`` will only work if an external authentication system is defined.
|
38 |
38 |
\ Include option to ignore Content-Type on ``COPY``/``MOVE``.
|
39 |
39 |
\ Use format parameter for conflict (409) and uploaded hash list (container level) replies.
|
|
40 |
\ Change permissions model.
|
40 |
41 |
0.7 (Nov 21, 2011) Suggest upload/download methods using hashmaps.
|
41 |
42 |
\ Propose syncing algorithm.
|
42 |
43 |
\ Support cross-account object copy and move.
|
... | ... | |
863 |
864 |
Return Code Description
|
864 |
865 |
============================== ==============================
|
865 |
866 |
201 (Created) The object has been created
|
866 |
|
409 (Conflict) The object can not be created from the provided hashmap, or there are conflicting permissions (a list of missing hashes, or a list of conflicting sharing paths will be included in the reply)
|
|
867 |
409 (Conflict) The object can not be created from the provided hashmap (a list of missing hashes will be included in the reply)
|
867 |
868 |
411 (Length Required) Missing ``Content-Length`` or ``Content-Type`` in the request
|
868 |
869 |
413 (Request Entity Too Large) Insufficient quota to complete the request
|
869 |
870 |
422 (Unprocessable Entity) The MD5 checksum of the data written to the storage system does not match the (optionally) supplied ETag value
|
... | ... | |
913 |
914 |
Return Code Description
|
914 |
915 |
============================== ==============================
|
915 |
916 |
201 (Created) The object has been created
|
916 |
|
409 (Conflict) There are conflicting permissions (a list of conflicting sharing paths will be included in the reply)
|
917 |
917 |
413 (Request Entity Too Large) Insufficient quota to complete the request
|
918 |
918 |
============================== ==============================
|
919 |
919 |
|
... | ... | |
991 |
991 |
============================== ==============================
|
992 |
992 |
202 (Accepted) The request has been accepted (not a data update)
|
993 |
993 |
204 (No Content) The request succeeded (data updated)
|
994 |
|
409 (Conflict) There are conflicting permissions (a list of conflicting sharing paths will be included in the reply)
|
995 |
994 |
411 (Length Required) Missing ``Content-Length`` in the request
|
996 |
995 |
413 (Request Entity Too Large) Insufficient quota to complete the request
|
997 |
996 |
416 (Range Not Satisfiable) The supplied range is invalid
|
... | ... | |
1045 |
1044 |
Sharing and Public Objects
|
1046 |
1045 |
^^^^^^^^^^^^^^^^^^^^^^^^^^
|
1047 |
1046 |
|
1048 |
|
Read and write control in Pithos is managed by setting appropriate permissions with the ``X-Object-Sharing`` header. The permissions are applied using prefix-based inheritance. Thus, each set of authorization directives is applied to all objects sharing the same prefix with the object where the corresponding ``X-Object-Sharing`` header is defined. For simplicity, nested/overlapping permissions are not allowed. Setting ``X-Object-Sharing`` will fail, if the object is already "covered", or another object with a longer common-prefix name already has permissions. When retrieving an object, the ``X-Object-Shared-By`` header reports where it gets its permissions from. If not present, the object is the actual source of authorization directives.
|
|
1047 |
Read and write control in Pithos is managed by setting appropriate permissions with the ``X-Object-Sharing`` header. The permissions are applied using directory-based inheritance. A directory is an object with the corresponding content type. The default delimiter is ``/``. Thus, each set of authorization directives is applied to all objects in the directory object where the corresponding ``X-Object-Sharing`` header is defined. If there are nested/overlapping permissions, the closest to the object is applied. When retrieving an object, the ``X-Object-Shared-By`` header reports where it gets its permissions from. If not present, the object is the actual source of authorization directives.
|
1049 |
1048 |
|
1050 |
1049 |
A user may ``GET`` another account or container. The result will include a limited reply, containing only the allowed containers or objects respectively. A top-level request with an authentication token, will return a list of allowed accounts, so the user can easily find out which other users share objects. The ``X-Object-Allowed-To`` header lists the actions allowed on an object, if it does not belong to the requesting user.
|
1051 |
1050 |
|