---
** [tickets:#6846] OAuth improvement: reduce token rights**
**Status:** open
**Created:** Tue Nov 05, 2013 06:17 PM UTC by Cory Johns
**Last Updated:** Tue Nov 05, 2013 06:17 PM UTC
**Owner:** nobody
We should be able to optionally assign a specific (named?) `ProjectRole` to a
token to restrict its access level instead of always giving the full
permissions of the user that created it. Since the token is currently used to
set the user in the session, we'll need to override the `ProjectRole` returned
for that user somehow, for the duration of the request.
---
Sent from sourceforge.net because allura-dev@incubator.apache.org is subscribed
to https://sourceforge.net/p/allura/tickets/
To unsubscribe from further messages, a project admin can change settings at
https://sourceforge.net/p/allura/admin/tickets/options. Or, if this is a
mailing list, you can unsubscribe from the mailing list.
