bird-house · fmigneault · Nov 30, 2023 · Nov 15, 2023 · Nov 15, 2023 · Nov 21, 2023
@@ -61,6 +61,9 @@ component/geoserver:
 component/jupyterhub:
   - birdhouse/**/jupyterhub/**/*
 
+component/STAC:
+  - birdhouse/**/*stac*/**/*
+
 feature/WPS:
   - birdhouse/**/finch/**/*
   - birdhouse/**/flyingpigeon/**/*

@@ -15,7 +15,13 @@
 [Unreleased](https://github.com/bird-house/birdhouse-deploy/tree/master) (latest)
 ------------------------------------------------------------------------------------------------------------------
 
-[//]: # (list changes here, using '-' for each new entry, remove this when items are added)
+- `optional-components/stac-public-access`: add public write permission for `POST /stac/search` request.
+
+  Since [`pystac_client`](https://github.com/stac-utils/pystac-client), a common interface to interact with STAC API,
+  employs `POST` method by default to perform search, the missing permission caused an unexpected error for users that
+  are not aware of the specific permission control of Magpie. Since nothing is created by that endpoint, but rather,
+  the POST'ed body employs the convenient JSON format to provide search criteria, it is safe to set this permission
+  when the STAC service was configured to be publicly searchable.
 
 [1.38.0](https://github.com/bird-house/birdhouse-deploy/tree/1.38.0) (2023-11-21)
 ------------------------------------------------------------------------------------------------------------------

@@ -4,6 +4,16 @@ permissions:
     permission: read
     group: anonymous
     action: create
+
+  # search can be performed by GET query-string or POST JSON search body
+  # in both cases, nothing is 'written' or 'created' unlike most common POST requests
+  # it is sensible to enable it, since 'pystac_client.Client.open' uses POST by default
+  - service: stac
+    resource: /stac/search
+    permission: write-match
+    group: anonymous
+    action: create
+
   - service: stac
     resource: /stac
     permission: write