Not sure if this is actually a support request or an idea... Please reallocate accordingly
1. What is the issue? Please be detailed.
Context: I'm building a plugin for QGIS (yes, another one) that uses the API to download submission data (and hopefully will integrate pyODK shortly, once I can figure out how to manage the Pydantic dependency within QGIS! That will hopefully allow the plugin to work "bi-directionally" with entities when the relevant functions escape into pyODK)
I have a working UI within QGIS that allows the user to connect to a Central Server, select any projects that their web-user account has access to, and then drill down to the form / submissions / attachments and can filter submissions etc. It works (yay!) but currently someone with the relevant credentials for a web user has access to all forms within a project...
Issue: I would like to be able to restrict access within the project to forms that the web-user can be given access to. This would be similar to app-user list, but for access to the submissions. I can't see this as a feature, but wonder if it exists or is in development?
This would then allow downloading of submissions for specific forms rather than needing a new project for each - I am trying to reduce the complexity of managing Central for different teams within an organisation who need their own data but are best not to have access to another team's submissions.
Functionally, if this were to be implemented in a Central interface it would be great if this came under 'Form Access' with an additional set of columns for web users, mirroring that of app users... But if it exists in the API I can't work out how to do / manage it from this - https://docs.getodk.org/central-api-form-management/#form-assignments
Is there, for example a verb submissions.download
or role (e.g. Viewer) that could be assigned to a web-user for a given xmlformID? Similar to submissions.create
for app-users or Project Viewer at the Project level. And I'm assuming that pyODK would be an obvious way to handle that?
2. What steps can we take to reproduce this issue?
Create a web user, give that user access to a project, then list the forms via API / pyODK - they have access to all forms within the specific project(s) that they are allocated.
3. What have you tried to fix the issue?
Read the docs, searched the forum - I recall a discussion about developing more granular Roles in Central but can no longer find it...
4. Upload any forms or screenshots you can share publicly below.
The plugin isn't ready for release into the wild! Yet.