[ ] Access-Control for relations (you might be allowed to view Members and Groups, but not their relation with each other)
[ ] Make SearchContext specification customizeable for each class
[ ] Allow for range-searches (e.g. on Created column)
[ ] Relation listings by $api_access and canView() permissions
[ ] Exclude relations when "fields" are specified through URL (they should be explicitly requested in this case)
[ ] Custom filters per DataObject subclass, e.g. to disallow showing unpublished pages in SiteTree/Versioned/Hierarchy
[ ] URL parameter namespacing for search-fields, limit, fields, add_fields (might all be valid dataobject properties) e.g. you wouldn't be able to search for a "limit" property on your subclass as its overlayed with the search logic
[ ] i18n integration (e.g. Page/1.xml?lang=de_DE)
[ ] Access to extendable methods/relations like SiteTree/1/Versions or SiteTree/1/Version/22
[ ] Respect $api_access array notation in search contexts
[ ] RestfulServer::init() - In 3.2 we should make the default Live, then change to Stage in the admin area (with a nicer API)
[ ] RestfulServer::getHandler() - check access
[ ] RestfulServer::getSearchQuery() - Allow specifying of different searchcontext getters on model-by-model basis
[ ] RestfulServer::postHandler - @todo Posting to an existing URL (without a relation) current resolves in creatig a new element, rather than a "Conflict" message.
[ ] RestfulServer::getAllowedRelations - Respect field level permissions once they are available in core
[ ] RestfulServer::getHandler - Avoid creating data formatter again for relation class
[ ] RestfulServer::updateDataObject - Disallow editing of certain keys in database
Description