Closed Regaez closed 4 years ago
Furthermore, it could be nice to have a generic api.super
role that allows you to do anything with the API, but have more specific api.page.get
or api.page.delete
etc to allow for fine-grained permissions. Possible scopes:
api.super
|admin.super
: allows access to everythingapi.pages.read
api.pages.delete
api.pages.edit
api.pages.create
api.users.read
api.users.delete
api.users.create
api.users.edit
api.plugins.read
api.plugins.edit
api.plugins.install
api.plugins.uninstall
api.configs.read
api.configs.edit
Data:
It could be nice to allow the ability to specify roles for the API endpoints from within the plugin config.
For example, a user might require the
admin.super
role in order to be able to useDELETE /pages
, but does not require any role to useGET /pages