User management endpoint documentation #574
Conversation
Signed-off-by: Jeny Sadadia <[email protected]>
Signed-off-by: Jeny Sadadia <[email protected]>
JenySadadia
force-pushed
the
user-management-documentation
branch
from
02fbdb3 to
8a77e2b
Compare
| This will return an authorization bearer token. | ||
|
|
||
|
|
||
| ### Get all existing users |
There was a problem hiding this comment.
Is this not an admin-only action? I believe this kind of information should have limited exposure
(this comment does not affect merging this patch but a new task to limit information access might be required)
There was a problem hiding this comment.
This endpoint was initially admin only. But then requirements changed and we needed to make it public. I believe it was one of the requirements from @nuclearcat.
| ``` | ||
|
|
||
|
|
||
| ### Get user account matching user ID |
| ### Update own user account | ||
|
|
||
| A user can update certain information for its own account, such as | ||
| `email`, `username`, `password`, and `groups` with a `PATCH /user/me` request. |
There was a problem hiding this comment.
groups too? 😲
(this comment does not affect merging this patch but a new task to limit user access might be required)
There was a problem hiding this comment.
Yes, the idea was that the user should be able to add and remove its user account to a group.
But yes, there has to be a concept of restricted groups which was in place when we used to have a specific user group for admin users (i.e. admin group). But then we eliminated the group and hence no restrictions are in place now.
Closes #521
Document user and user group endpoints.