A POST will create a short link (if it doesn't exist already), whereas
a GET will return the short link for the node.
The endpoint will return a dict like:
    {'short_code': 'XXXXXX',
     'short_link': 'https://blender.cloud/r/XXXXX',
     'theatre_link': 'https://blender.cloud/r/XXXXX?t'}
These functions set the correct Content-Type header when JSON is given,
add a resp.json() function that also checks the response mime type,
and add the correct Authorization header.
For debugging, we keep expired tokens around for a few days, so that we
can determine that a token was expired rather than not created in the
first place. It also grants some leeway in clock synchronisation.
Before this, if there was any project returned by a query on /projects
that the user did not have access to, a 403 would be returned. Now we
just don't include that project in the result.
For unauthenticated/non-subscriber users, image file documents retain
their variations. All other documents have their variations stripped.
Also the links + expiry info to the original file are removed for all
file types.
Instead of the additional 'is_private' field, we now just use
the permission system and set/remove world GET permissions.
'is_private' is still kept for backward compatibility and possibly
easy querying for public projects, and is always set based on
world GET permissions.
Manage users of a project. In this initial implementation, we handle
addition and removal of a user to the admin group of a project. No
changes are done on the project itself.
Anonymous users can now obtain full_name and email fields from any
user. Authenticated users can also obtain those fields from other
users, and all info about themselves.
- Admins can PUT everything
- Users can only PUT themselves
- The 'auth' field is always taken from the original, and never overwritten
by the PUT. It can be missing from the request, so you can GET and then
PUT the same data.
- Nobody can POST or DELETE users
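
The write rules for users listed above can be expressed as one authorization function. This is an added example, not code from the project: the function name, the exception classes, the `'admin'` role marker, the `_id`/`roles` document shape and the sample users are all assumptions made for illustration.

```python
import copy


class Forbidden(Exception):
    """The requester may not write this user document."""


class MethodNotAllowed(Exception):
    """POST and DELETE on users are refused for everyone."""


def apply_user_write(method, requester, original, payload=None):
    """Handle a write request on a user; return the document to store."""
    if method != 'PUT':
        # Nobody can POST or DELETE users; PUT is the only write accepted.
        raise MethodNotAllowed(method)

    # Assumption: admins carry an 'admin' entry in their 'roles' list.
    is_admin = 'admin' in requester.get('roles', [])
    if not is_admin and requester['_id'] != original['_id']:
        raise Forbidden('users can only PUT themselves')

    new_doc = copy.deepcopy(payload or {})
    # 'auth' always comes from the stored document, never from the request.
    # It may be absent from the payload, so GET-then-PUT round-trips work.
    new_doc.pop('auth', None)
    if 'auth' in original:
        new_doc['auth'] = copy.deepcopy(original['auth'])
    return new_doc


# Constructed sample documents.
ALICE = {'_id': 'u1', 'roles': [], 'full_name': 'Alice',
         'auth': [{'token': 'stored-a'}]}
BOB = {'_id': 'u2', 'roles': [], 'full_name': 'Bob',
       'auth': [{'token': 'stored-b'}]}
ADMIN = {'_id': 'u0', 'roles': ['admin'], 'full_name': 'Root', 'auth': []}

if __name__ == '__main__':
    # Alice updates herself and sends a different 'auth'; the stored one wins.
    forged = {'_id': 'u1', 'full_name': 'Alice B', 'auth': [{'token': 'forged'}]}
    print(apply_user_write('PUT', ALICE, ALICE, forged))
    # An admin may PUT another user, even without sending 'auth'.
    print(apply_user_write('PUT', ADMIN, BOB, {'_id': 'u2', 'full_name': 'Robert'}))
```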