Security task to view asset metadata only



  • Is this possible? It seems the 'Download package' task grants permission to view metadata. I would like to allow anonymous users to view metadata of the files in a particular asset directory, without them being able to download the files.


  • inedo-engineer

    Hi @sgardj_2482,

    You can create a custom task under Administration -> Manage Security -> Tasks / Permissions, then click Customize Tasks in the upper right corner. When you do that, you can create a custom task that has the View Feed permission. That will allow a user to view an asset's metadata in the ProGet UI and not be able to download the package.

    Thanks,
    Dan



  • I had already tried that, but it just gives the message "Anonymous is not permitted to perform the Feeds_DownloadPackage task for the current scope.". This is when trying to hit a URL like "https://mypackages.corp.com/endpoints/server-isos/metadata/gold-master.iso". I thought it was curious that it says 'DownloadPackage' specifically when I wasn't trying to download. After granting the download permissions I then see the expected metadata response, copied below, using the above URL.

    {
      "name": "gold-master.iso",
      "size": 5536286720,
      "type": "application/octet-stream",
      "content": "https://mypackages.corp.com/endpoints/server-isos/metadata/gold-master.iso",
      "md5": "583fa95fa343bf17d9900292001a3bda",
      "sha1": "9e569930948b38b46f63518f6399af700c034095",
      "sha256": "9976b3e125050542ca50de3c7347d132113834edc151c64c55f9e30bc4d2160f",
      "sha512": "8962ccd82d4898a84d11cb218b6a9b1d8aa6c96712a87cc1965aebd4a7534e09daeec29cbee8f097bebf423e136b2384e87dcd2089d2ca4bf361afbb98b4168b",
      "created": "2023-03-27T20:18:33.697Z",
      "modified": "2023-03-27T20:18:33.697Z",
      "cacheHeader": {
        "type": "Inherit"
      }
    }


  • inedo-engineer

    Hi Mike,

    The Asset API does require the DownloadPackage permission. Currently, only the ProGet UI can be used with the ViewFeed only permission. I'll add this as a note to discuss in the next products meeting early next week.

    Thanks,
    Dan



  • Ok thanks for the explanation.

