Revision e809b989 docs/source/devguide.rst
b/docs/source/devguide.rst | ||
---|---|---|
27 | 27 |
========================= ================================ |
28 | 28 |
Revision Description |
29 | 29 |
========================= ================================ |
30 |
0.8 (Jan 24, 2012) Update allowed versioning values.
|
|
30 |
0.8 (Feb 9, 2012) Update allowed versioning values.
|
|
31 | 31 |
\ Change policy/meta formatting in JSON/XML replies. |
32 | 32 |
\ Document that all non-ASCII characters in headers should be URL-encoded. |
33 | 33 |
\ Support metadata-based queries when listing objects at the container level. |
... | ... | |
37 | 37 |
\ Note that ``/login`` will only work if an external authentication system is defined. |
38 | 38 |
\ Include option to ignore Content-Type on ``COPY``/``MOVE``. |
39 | 39 |
\ Use format parameter for conflict (409) and uploaded hash list (container level) replies. |
40 |
\ Change permissions model. |
|
40 | 41 |
0.7 (Nov 21, 2011) Suggest upload/download methods using hashmaps. |
41 | 42 |
\ Propose syncing algorithm. |
42 | 43 |
\ Support cross-account object copy and move. |
... | ... | |
863 | 864 |
Return Code Description |
864 | 865 |
============================== ============================== |
865 | 866 |
201 (Created) The object has been created |
866 |
409 (Conflict) The object can not be created from the provided hashmap, or there are conflicting permissions (a list of missing hashes, or a list of conflicting sharing paths will be included in the reply)
|
|
867 |
409 (Conflict) The object can not be created from the provided hashmap (a list of missing hashes will be included in the reply)
|
|
867 | 868 |
411 (Length Required) Missing ``Content-Length`` or ``Content-Type`` in the request |
868 | 869 |
413 (Request Entity Too Large) Insufficient quota to complete the request |
869 | 870 |
422 (Unprocessable Entity) The MD5 checksum of the data written to the storage system does not match the (optionally) supplied ETag value |
... | ... | |
913 | 914 |
Return Code Description |
914 | 915 |
============================== ============================== |
915 | 916 |
201 (Created) The object has been created |
916 |
409 (Conflict) There are conflicting permissions (a list of conflicting sharing paths will be included in the reply) |
|
917 | 917 |
413 (Request Entity Too Large) Insufficient quota to complete the request |
918 | 918 |
============================== ============================== |
919 | 919 |
|
... | ... | |
991 | 991 |
============================== ============================== |
992 | 992 |
202 (Accepted) The request has been accepted (not a data update) |
993 | 993 |
204 (No Content) The request succeeded (data updated) |
994 |
409 (Conflict) There are conflicting permissions (a list of conflicting sharing paths will be included in the reply) |
|
995 | 994 |
411 (Length Required) Missing ``Content-Length`` in the request |
996 | 995 |
413 (Request Entity Too Large) Insufficient quota to complete the request |
997 | 996 |
416 (Range Not Satisfiable) The supplied range is invalid |
... | ... | |
1045 | 1044 |
Sharing and Public Objects |
1046 | 1045 |
^^^^^^^^^^^^^^^^^^^^^^^^^^ |
1047 | 1046 |
|
1048 |
Read and write control in Pithos is managed by setting appropriate permissions with the ``X-Object-Sharing`` header. The permissions are applied using prefix-based inheritance. Thus, each set of authorization directives is applied to all objects sharing the same prefix with the object where the corresponding ``X-Object-Sharing`` header is defined. For simplicity, nested/overlapping permissions are not allowed. Setting ``X-Object-Sharing`` will fail, if the object is already "covered", or another object with a longer common-prefix name already has permissions. When retrieving an object, the ``X-Object-Shared-By`` header reports where it gets its permissions from. If not present, the object is the actual source of authorization directives.
|
|
1047 |
Read and write control in Pithos is managed by setting appropriate permissions with the ``X-Object-Sharing`` header. The permissions are applied using directory-based inheritance. A directory is an object with the corresponding content type. The default delimiter is ``/``. Thus, each set of authorization directives is applied to all objects in the directory object where the corresponding ``X-Object-Sharing`` header is defined. If there are nested/overlapping permissions, the closest to the object is applied. When retrieving an object, the ``X-Object-Shared-By`` header reports where it gets its permissions from. If not present, the object is the actual source of authorization directives.
|
|
1049 | 1048 |
|
1050 | 1049 |
A user may ``GET`` another account or container. The result will include a limited reply, containing only the allowed containers or objects respectively. A top-level request with an authentication token, will return a list of allowed accounts, so the user can easily find out which other users share objects. The ``X-Object-Allowed-To`` header lists the actions allowed on an object, if it does not belong to the requesting user. |
1051 | 1050 |
|
Also available in: Unified diff