Skip to content

Commit 905a789

Browse files
pietroalbinipietroalbini
committed
split the publish scope in publish-new and publish-update
1 parent 4caaba6 commit 905a789

File tree

1 file changed

+8
-8
lines changed

1 file changed

+8
-8
lines changed

text/0000-crates-io-token-scopes.md

+8-8
Original file line numberDiff line numberDiff line change
@@ -36,8 +36,9 @@ to act on.
3636
The user will be able to choose one or more endpoint scopes. This RFC proposes
3737
adding the following endpoint scopes:
3838

39-
* **publish**: allows uploading new crates or new versions of existing crates
40-
the user owns
39+
* **publish-new**: allows publishing new crates
40+
* **publish-update**: allows publishing a new version for existing crates the
41+
user owns
4142
* **yank**: allows yanking and unyanking existing versions of the user's crates
4243
* **change-owners**: allows inviting new owners or removing existing owners
4344

@@ -50,9 +51,9 @@ access to all (documented and undocumented) crates.io API endpoints except for
5051
adding new tokens.
5152

5253
The crates.io UI will pre-select the scopes needed by the `cargo` CLI, which at
53-
the time of writing this RFC are `publish`, `yank` and `change-owners`. The
54-
user will have to explicitly opt into extra scopes or the legacy permission
55-
model.
54+
the time of writing this RFC are `publish-new`, `publish-update`, `yank` and
55+
`change-owners`. The user will have to explicitly opt into extra scopes or the
56+
legacy permission model.
5657

5758
Tokens created before the implementation of this RFC will use the legacy
5859
permission model.
@@ -95,7 +96,8 @@ The scopes proposed by this RFC allow access to the following endpoints:
9596

9697
| Endpoint | Required scope |
9798
| --- | --- |
98-
| `PUT /crates/new` | **publish** |
99+
| `PUT /crates/new` (new crates) | **publish-new** |
100+
| `PUT /crates/new` (existing crates) | **publish-update** |
99101
| `DELETE /crates/:crate_id/:version/yank` | **yank** |
100102
| `PUT /crates/:crate_id/:version/unyank` | **yank** |
101103
| `PUT /crates/:crate_id/owners` | **change-owners** |
@@ -200,8 +202,6 @@ scoping:
200202
# Unresolved questions
201203
[unresolved-questions]: #unresolved-questions
202204

203-
* Should there be separate scopes for publishing a new crate and a version of
204-
an existing crate, instead of the single `publish` scope?
205205
* Are there more scopes that would be useful to implement from the start?
206206
* Should crate scopes be allowed on tokens with the legacy endpoint scope?
207207
* Is the current behavior of crate scopes on endpoints that don't interact with

0 commit comments

Comments
 (0)