Closed dajtxx closed 1 year ago
We need a mode where external actors can read data from the REST API but not create/update/delete anything.
The simplest way might be to add a read-only flag to the user table and if that flag is set only allow GET methods to be used.
This is not as flexible as a role-based system with permissions, but will be sufficient for now.
Changes have been merged into master.
We need a mode where external actors can read data from the REST API but not create/update/delete anything.
The simplest way might be to add a read-only flag to the user table and if that flag is set only allow GET methods to be used.
This is not as flexible as a role-based system with permissions, but will be sufficient for now.