On Jul 13, 2011, at 12:13 PM, Boleslaw Dawidowicz wrote:
On Jul 12, 2011, at 3:50 PM, Matt Wringe wrote:
> So looking into the REST part of the api, I have a few questions here
> with the design of the API:
>
> 1) Does the API assume that only a superuser is ever going to use it, or
> does it assume that other logged in (or unauthenticated) users will be
> using it as well?
> I.e., I want to create a navigation/menu portlet. If I retrieve the nodes,
> will I get only the nodes I have permission to view, or do I have to
> retrieve them all and manually filter out the ones I don't have
> permission to access?
> It makes more sense for the rest service to only return elements the
> user has permission to access, but we can filter that on the rest side
> if needed.
>
I think the main use case would be for superuser - like for admin purposes, but we should
also address the use case of users with more constrained permission accessing it.

We'll definitely need to secure the access to the service properly then… :)

Cordialement / Best,
Chris
==
Principal Software Engineer / JBoss Enterprise Middleware Red Hat, Inc.
Follow GateIn: http://blog.gatein.org / http://twitter.com/gatein
Follow me: http://metacosm.info/metacosm / http://twitter.com/metacosm