Problem
AMO's scanning infrastructure needs read-only API access to addon content
across all statuses (approved, disabled, blocked, deleted) and channels
(listed, unlisted), including XPI downloads and listing metadata.
No permission set grants this today without also granting reviewer tools web
UI access. ReviewerTools:View and ReviewerTools:ViewUnlisted gate both
API read access and the reviewer tools website. There is no way to grant one
without the other.
Goal
Create Addons:ViewAll: a single read-only API permission covering any addon
regardless of status or channel, without granting reviewer tools web access.
It replaces the combination of ReviewerTools:View,
ReviewerTools:ViewUnlisted, and Addons:ViewDeleted for scanner and
API-only use cases.
Target permission set
| Permission |
Purpose |
Addons:ViewAll |
Read any addon's metadata and versions via API (new) |
Addons:FileDownload |
Download XPI files in any state (existing) |
Addons:SourceDownload |
Download developer-submitted source (existing, optional, requires legal review) |
What Addons:ViewAll does NOT grant
- Write access (no edit, delete, review actions)
- Reviewer tools web UI access
- Scanner results, abuse reports, or admin panel access
- XPI file downloads (requires
Addons:FileDownload)
Acceptance criteria
A user with only Addons:ViewAll:
- Can retrieve any addon via API regardless of status
- Can list and retrieve versions, including unlisted and deleted
- Can discover file IDs needed for XPI downloads
- Cannot access the reviewer tools web UI
- Cannot perform write operations
- Cannot download XPI files without
Addons:FileDownload
- Cannot take review actions
A user with Addons:ViewAll + Addons:FileDownload:
- Can download XPI files for any addon in any state
Notes
Addons:ViewAll should also surface disabled/deleted addons in search results
(/api/v5/addons/search/). The search endpoint uses Elasticsearch and has its
own filtering, so this may require separate work.
┆Issue is synchronized with this Jira Task
Problem
AMO's scanning infrastructure needs read-only API access to addon content
across all statuses (approved, disabled, blocked, deleted) and channels
(listed, unlisted), including XPI downloads and listing metadata.
No permission set grants this today without also granting reviewer tools web
UI access.
ReviewerTools:ViewandReviewerTools:ViewUnlistedgate bothAPI read access and the reviewer tools website. There is no way to grant one
without the other.
Goal
Create
Addons:ViewAll: a single read-only API permission covering any addonregardless of status or channel, without granting reviewer tools web access.
It replaces the combination of
ReviewerTools:View,ReviewerTools:ViewUnlisted, andAddons:ViewDeletedfor scanner andAPI-only use cases.
Target permission set
Addons:ViewAllAddons:FileDownloadAddons:SourceDownloadWhat Addons:ViewAll does NOT grant
Addons:FileDownload)Acceptance criteria
A user with only
Addons:ViewAll:Addons:FileDownloadA user with
Addons:ViewAll+Addons:FileDownload:Notes
Addons:ViewAllshould also surface disabled/deleted addons in search results(
/api/v5/addons/search/). The search endpoint uses Elasticsearch and has itsown filtering, so this may require separate work.
┆Issue is synchronized with this Jira Task