[Mailman-Developers] Listadmin and other alternate interfaces for Mailman
Florian Fuchs
f at state-of-mind.de
Mon Nov 5 21:18:23 CET 2012
Hi,
On 10/26/2012 08:15 PM, Barry Warsaw wrote:
> One thing we need though is an authenticating proxy for the REST API so that
> non-localhost users can script their own changes to lists they own or are
> members of. We can't expose the admin REST API to non-localhost and I really
> don't want to have to add the authentication layer to the default REST API (at
> least not right now).
>
> It's possible that such an authenticating layer could be implemented as part
> of Postorius, since I think Django supports REST also, and you'll *have* to be
> authenticated to interact with Postorius. OTOH, it would be nice if that
> could be provided without requiring Django.
Of course it would be nice if a public API wouldn't require Django. But
we already have authorization functionality for all kinds of roles in
Postorius. And to add a JSON API shouldn't be so hard.
In fact, I played around with this a little over the weekend. I didn't
want to change too much of the existing authorization system, only
slightly enhance it to provide a simple way for non-browser clients to
log into Postorius with existing user credentials. What I came up with
is a simple view decorator that checks for an HTTP Basic Auth header if
the current user isn't logged in and uses these credentials to start a
new Django session. Clients that can handle session cookies can use that
in all concurrent requests (which makes it a little faster). Clients
that don't support cookies can just send the auth header again with the
next call.
Theres also an API resource that returns a json string with all mailing
lists (very similar, but not identical to the one the core API returns).
If anyone's interested: I added a small proof of concept for a command
line client to a private branch on launchpad. It's far from mature, just
to see if the idea works...
https://code.launchpad.net/~flo-fuchs/+junk/mmremote. (Please make sure
to use the latest revision of Postorius).
Another thought: We will add some convenience AJAX functionality to the
Postorius UI. For this alone it's worth having a number of JSON
resources available. In other words: Postorius would be the first client
to use its own API :-)
Cheers
Florian
>
> Cheers,
> -Barry
> _______________________________________________
> Mailman-Developers mailing list
> Mailman-Developers at python.org
> http://mail.python.org/mailman/listinfo/mailman-developers
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/
> Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/f%40state-of-mind.de
>
> Security Policy: http://wiki.list.org/x/QIA9
>
More information about the Mailman-Developers
mailing list