FinalsClub / karmaworld

KarmaNotes.org v3.0
GNU Affero General Public License v3.0

RESTful API #247

Open AndrewMagliozzi opened 10 years ago

AndrewMagliozzi commented 10 years ago

Expose our GET, POST, PUT, and DELETE methods to the world.

(DELETE is only possible for files an agent has uploaded herself)

Courses && Notes

Gotcha: How to deal with USDE school list?

Write documentation first, then build the API to spec.

btbonval commented 10 years ago

USDE school list is uploaded by Robot/System role. Objects belonging to Robot/System role are only CRUD for Robot/System role. Admins will have Robot/System role.

CRUD implies RBAC.

This ticket should include Role Based Access Controls as part of the design considerations.

On Thu, Jan 2, 2014 at 10:53 PM, Andrew Magliozzi <notifications@github.com> wrote:

> Expose our GET, POST, PUT, and DELETE methods to the world.
>
> (DELETE is only possible for files an agent has uploaded herself)
>
> Courses && Notes
>
> Gotcha: How to deal with USDE school list?
>
> Write documentation first, then build the API to spec.


btbonval commented 10 years ago

Btw, Anonymous or Unauthenticated is a common default role for those users who have not signed on (a bit of a special case). As long as we keep that in mind, we can build an RBAC system while still allowing anonymous participation.

On Thu, Jan 2, 2014 at 11:55 PM, Bryan <btbonval@gmail.com> wrote:

> USDE school list is uploaded by Robot/System role. Objects belonging to Robot/System role are only CRUD for Robot/System role. Admins will have Robot/System role.
>
> CRUD implies RBAC.
>
> This ticket should include Role Based Access Controls as part of the design considerations.


btbonval commented 10 years ago

We will need API keys for this to prevent spammers directly modifying our database via API.

btbonval commented 10 years ago

We will also want to be some kind of authentication provider. Possibly through OpenID.

That way a client using the API can make requests "on behalf of" a user who has authenticated against Karmanotes. Otherwise the API is representing only itself as a server, which doesn't work well to provide services to users.
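
The access rules discussed in this thread (a default Anonymous role, uploader-only DELETE, System-owned objects, API keys for writes) can be expressed as one deny-by-default authorization check. The sketch below is an added example, not KarmaNotes code: every name in it is hypothetical and the sample key is constructed. It assumes GET needs no key, and that POST and PUT are open to any role once the client presents a valid key.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

ANONYMOUS, USER, SYSTEM = "anonymous", "user", "system"
WRITE_METHODS = {"POST", "PUT", "DELETE"}

# Constructed sample key; only its SHA-256 digest is kept server-side.
API_KEY_DIGESTS = {hashlib.sha256(b"demo-client-key").hexdigest()}

@dataclass(frozen=True)
class Principal:
    name: Optional[str] = None                  # None: not signed in
    roles: frozenset = frozenset({ANONYMOUS})   # default role

@dataclass(frozen=True)
class Resource:
    owner: Optional[str]                        # uploader, None if anonymous
    owner_role: str = USER                      # SYSTEM for robot-loaded data

def key_is_valid(api_key: Optional[str]) -> bool:
    if not api_key:
        return False
    digest = hashlib.sha256(api_key.encode()).hexdigest()
    # Constant-time comparison against each stored digest.
    return any(hmac.compare_digest(digest, d) for d in API_KEY_DIGESTS)

def authorize(method, principal, resource, api_key=None):
    """Return (allowed, reason) for one request; anything unmatched is denied."""
    if method == "GET":
        return True, "public read"              # assumption: reads need no key
    if method not in WRITE_METHODS:
        return False, "unsupported method"
    if not key_is_valid(api_key):
        return False, "missing or invalid API key"
    if resource.owner_role == SYSTEM:
        # System-owned objects (e.g. the school list) need the System role.
        if SYSTEM in principal.roles:
            return True, "system role"
        return False, "system-owned object"
    if method == "DELETE":
        # Anonymous principals have no name, so they can never match an owner.
        if principal.name is None or principal.name != resource.owner:
            return False, "not the uploader"
        return True, "uploader delete"
    return True, "write allowed"                # assumption: POST/PUT open to any role

if __name__ == "__main__":
    alice = Principal("alice", frozenset({USER}))
    print(authorize("DELETE", alice, Resource(owner="alice"), "demo-client-key"))
```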