REST API should understand CiviConnect config files

[bjendres]

CiviConnect has as similar way of defining profiles for allowed API interactions. We should move away from defining the API whitelisting and go for drop-in json files like CiviConnect uses.

We would have to extend the specs there a little bit:

• add 'validations' = [{'field_name': "field_name", 'regex': 'regex'}], (see https://github.com/civicrm/cxnapp/blob/master/app/cxn/org.civicrm.cron/metadata.json#L14)
• similarly, add 'filters' for custom sanitation code (which CiviConnect will ignore for the moment)

Interesting links:

• https://github.com/civicrm/civicrm-core/blob/4.6/Civi/API/Subscriber/WhitelistSubscriber.php#L94
• https://github.com/civicrm/civicrm-core/blob/4.6/CRM/Cxn/ApiRouter.php#L77
• https://github.com/civicrm/civicrm-core/blob/4.6/Civi/API/WhitelistRule.php

[pbatroff]

@bjendres Is this still necessary / planned?

[bjendres]

@bjendres Is this still necessary / planned?

This is a feature proposal, so far without any demand. I'd leave it open.

See also #2