[Mailman-Developers] GSoC discussion

Barry Warsaw barry at list.org
Fri May 17 21:54:16 CEST 2013


On May 07, 2013, at 06:58 PM, Richard Wackerbarth wrote:

>I was comparing what a consumer of the Postorius interface might like to see
>that is not just a proxy forwarding the MM-core interface.
>
>As an example, rather than all of the lists, just those lists for which the
>represented user is the administrator.

This is definitely aligned with how I see an authenticated (i.e. public) REST
API working.  The private/admin API gives you everything, while the public one
would only provide you the limited subset of things you're allowed to do.

Or put it another way, the private API doesn't know who you are[1] so it can't
limit your access.  The public API does know who you are, and so it must only
present to you the resources and actions that you're authenticated for.

-Barry

[1] Except in the sense that you're essentially root to the Mailman core.
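
An added illustration of the split described in this message, not part of the original email and not Mailman or Postorius code: a private core that knows no caller identity, wrapped by a public facade that scopes both the list view and per-object actions to the authenticated user. All class, method and address names are hypothetical, and the sample data is constructed.

```python
# Added illustration; every name here is hypothetical, not Mailman's or Postorius's API.
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Raised when the authenticated user may not touch a resource."""


@dataclass
class PrivateCoreAPI:
    """Stands in for the private/admin API: no caller identity, full access."""
    owners: dict = field(default_factory=dict)  # list id -> set of owner addresses

    def all_lists(self):
        return sorted(self.owners)

    def delete_list(self, list_id):
        del self.owners[list_id]


class PublicAPI:
    """Public facade: bound to one authenticated user, scopes every call."""

    def __init__(self, core, authenticated_user):
        if not authenticated_user:
            raise Forbidden("public API requires an authenticated user")
        self._core = core
        self._user = authenticated_user

    def _require_owner(self, list_id):
        # Same error for "not yours" and "does not exist", so the public
        # API does not reveal which lists exist.
        if self._user not in self._core.owners.get(list_id, set()):
            raise Forbidden(list_id)

    def my_lists(self):
        # Collection view: only the lists this user administers.
        return [name for name in self._core.all_lists()
                if self._user in self._core.owners[name]]

    def delete_list(self, list_id):
        # Per-object check: filtering the listing is not enough, because a
        # caller can name a list id that was never shown to them.
        self._require_owner(list_id)
        self._core.delete_list(list_id)


def demo_core():
    # Constructed sample data.
    return PrivateCoreAPI({
        "dev@example.org": {"anne@example.org"},
        "users@example.org": {"anne@example.org", "bart@example.org"},
        "announce@example.org": {"bart@example.org"},
    })
```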


