Open prestonp opened 10 years ago
Maybe we should support some sort of `GB-AUTH-TOKEN` header or something that would authenticate the request as a certain type of user (depending on the contents of the token). In a lot of places, we check for the presence of the `edit_token` or `review_token` to inform our templates. For instance, the `/orders/:oid` page does this. Instead, we should be relying on the type of user that is authenticated and the state of the order.
planning on a large revamp for order item management
`edit_token` via URL query or in the body of the request. This doesn't really make sense because DELETE requests shouldn't even have body data.