Context
RFC #876 adds authenticated MyOpenCRE upload at POST /rest/v2/myopencre/upload. Today, POST /rest/v1/cre_csv_import is public (no auth) and writes directly into the shared graph via myopencre_parser — intended for local/self-hosted use.
Maintainer decision: cre_csv_import must be auth-wrapped for online deployment. Anonymous CSV import into the shared CRE graph is not acceptable on opencre.org.
Requirements
Migration notes
- Local dev with
NO_LOGIN=1 should continue to work for contributor workflows
GET /rest/v1/cre_csv template download may stay public (read-only) — confirm during implementation
Related
Context
RFC #876 adds authenticated MyOpenCRE upload at
POST /rest/v2/myopencre/upload. Today,POST /rest/v1/cre_csv_importis public (no auth) and writes directly into the shared graph viamyopencre_parser— intended for local/self-hosted use.Maintainer decision:
cre_csv_importmust be auth-wrapped for online deployment. Anonymous CSV import into the shared CRE graph is not acceptable on opencre.org.Requirements
@login_required(or equivalent post-RFC TODO 1 session check) toPOST /rest/v1/cre_csv_import/rest/v1/auth/*issue)/rest/v2/myopencre/upload(RFC TODO 4)CRE_ALLOW_IMPORTand/orcapabilities.myopencrein addition to loginweb_main_test.py/ MyOpenCRE frontend testsMigration notes
NO_LOGIN=1should continue to work for contributor workflowsGET /rest/v1/cre_csvtemplate download may stay public (read-only) — confirm during implementationRelated
docs/rfc/user-auth-myopencre.mdapplication/web/web_main.pyimport_from_cre_csv