On May 07, 2013, at 06:58 PM, Richard Wackerbarth wrote:
> I was comparing what a consumer of the Postorius interface might like to see that is not just a proxy forwarding the MM-core interface.
> As an example, rather than all of the lists, just those lists for which the represented user is the administrator.
This is definitely aligned with how I see an authenticated (i.e. public) REST API working. The private/admin API gives you everything, while the public one would only provide you the limited subset of things you're allowed to do.
Or put it another way, the private API doesn't know who you are[1] so it can't limit your access. The public API does know who you are, and so it must only present to you the resources and actions that you're authenticated for.
-Barry
[1] Except in the sense that you're essentially root to the Mailman core.
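
The private/public split discussed in this message, as an added sketch that is not code from Mailman or Postorius: a core that has no notion of the caller, wrapped by a facade bound to one authenticated user. FakeCore, PublicAPI, Forbidden, the method names and the addresses are all hypothetical and constructed for illustration.

```python
class Forbidden(Exception):
    """Raised when the authenticated user may not act on a resource."""


class FakeCore:
    """Stands in for the private/admin API: no caller identity, so every
    caller sees and can change everything (hypothetical, not Mailman's API)."""

    def __init__(self):
        # Constructed sample data: list id -> set of owner addresses.
        self._owners = {
            "announce@example.com": {"anne@example.com"},
            "dev@example.com": {"anne@example.com", "cris@example.com"},
            "staff@example.com": {"cris@example.com"},
        }

    def all_lists(self):
        return sorted(self._owners)

    def owners(self, list_id):
        return set(self._owners[list_id])

    def delete_list(self, list_id):
        del self._owners[list_id]


class PublicAPI:
    """Authenticated facade: every call is bound to one user, and both
    reads and actions are limited to what that user administers."""

    def __init__(self, core, user):
        self._core = core
        self._user = user

    def my_administered_lists(self):
        # Filter here, in the facade; the core cannot do it because it
        # does not know who is asking.
        return [l for l in self._core.all_lists()
                if self._user in self._core.owners(l)]

    def delete_list(self, list_id):
        # Default deny. "Not yours" and "does not exist" get the same
        # error, so the facade does not reveal which lists exist.
        if list_id not in self.my_administered_lists():
            raise Forbidden(list_id)
        self._core.delete_list(list_id)
```

The facade holds the only path to the core, so the core's root-like access never reaches the caller directly.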