On Mar 30, 2017, at 09:45 PM, Jan Jancar wrote:
This would also go well with an idea I had about the current state of the REST API and encrypted lists. With having decorators like "@exported_REST", another one could get introduced, something like "@requires_permission("some.perm.name")" which would introduce permission-based granularity to the REST API. Then multiple user:password pairs could be specified in a config with different permissions and so Mailman could provide different levels of API access to different apps.
Our intention is to support permission based access to the REST API via an "authenticating proxy", which we call lemme:
https://gitlab.com/mailman/lemme/tree/master
and for an outline on how this might work:
https://gitlab.com/mailman/lemme/blob/master/OUTLINE.rst
We had good discussions about this at Pycon 2016, but haven't gotten very far in implementation details. I'm hoping we can spend a little bit of time on that this year.
Cheers, -Barry