On Jul 12, 2011, at 3:50 PM, Matt Wringe wrote:
So looking into the REST part of the API, I have a few questions here
with the design of the API:
1) Does the API assume that only a superuser is ever going to use it, or
does it assume that other logged in (or unauthenticated) users will be
using it as well?
I.e., I want to create a navigation/menu portlet. If I retrieve the nodes,
will I get only the nodes I have permission to view, or do I have to
retrieve them all and manually filter out the ones I don't have
permission to access?
It makes more sense for the REST service to only return elements the
user has permission to access, but we can filter that on the REST side
if needed.
I think the main use case would be for a superuser, like for admin purposes, but we should
also address the use case of users with more constrained permissions accessing it.