Opened 3 years ago

Closed 3 years ago

#2302 closed New feature (fixed)

Tracking API: Allow setTokenAuth() to be an admin token, not only the Super User

Reported by: matt Owned by:
Priority: normal Milestone: Piwik 1.3
Component: Core Keywords:
Cc: Sensitive: no

Description

Super User token is very secret. The Tracking API should allow for more flexibility and allow any "admin" token for the site being tracked.

For performance, we don't want to query the DB on each Tracking API request. So we can cache in the Tracker cache files the list of all allowed admin token_auth and check against this list.

Change History (1)

comment:1 Changed 3 years ago by matt (mattab)

  • Resolution set to fixed
  • Status changed from new to closed

(In [4417]) Fixes #2302 Now, setTokenAuth on the Tracking API can accept the Super User token_auth or any 'admin' user token_auth (the token are cached in the tracker cache file, which is now flushed when users or permissions are changed)

Note: See TracTickets for help on using tickets.