
On May 22, 2016, at 12:54 AM, Simon Hanna wrote:
While in theory it would be possible to enforce permissions in core about who is allowed to call specific rest calls, this would require a lot of changes. I'm not sure we want to go this way.
I've resisted this for a long time, and I may continue to do so :).
I definitely consider the current REST API a privileged, administrative API for integrating known, trusted components. It should never be published on any public IP address. This isn't going to change.
A while back, Andrew Stuart wrote an authenticating proxy server he called "mailmania"[1] which does exactly as Simon proposes above. It authenticates users and maps their roles to allowed REST calls. It could be exposed on a public IP and used to script the core.
I'd like to either promote mailmania to an official subproject, or fork it, clean it up, and offer something much like it, either as a subproject (likely at first) or as an optional component of the core. Andrew has donated this to the FSF so we can use what we want, but I think he doesn't have time these days to develop it. I'd like to come up with a better name :).
Anyway, that's the direction I think such a permission system should go in.
Cheers, -Barry
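An added example (not part of this thread, and not mailmania's or Mailman core's code) of the role-to-REST-call mapping Barry describes: the proxy authenticates the caller, then decides per request whether the caller's roles permit that method on that path before anything is forwarded to the privileged core API. The role names, the owned-list model and the choice of endpoints are assumptions for illustration; only the general `/3.0/lists/<list>/...` URL shape follows the Mailman 3 core REST API. The points worth copying are deny-by-default, an explicit method allow-list per path, and rejecting non-canonical paths (empty, `.` and `..` segments, including percent-encoded ones) rather than normalizing them, since the core would otherwise resolve a different resource than the one the policy matched.

```python
import re
from dataclasses import dataclass
from urllib.parse import unquote, urlsplit

# Added example, not code from mailmania or Mailman core.  Role names, the
# ownership model and the choice of endpoints below are assumptions made for
# illustration; only the general /3.0/lists/<list>/... URL shape follows the
# Mailman 3 core REST API.

@dataclass(frozen=True)
class Rule:
    methods: frozenset        # HTTP methods the rule permits
    pattern: re.Pattern       # anchored regex over the canonical path
    owner_only: bool = False  # if set, the 'list_id' group must be a list the caller owns

def rule(methods, pattern, owner_only=False):
    return Rule(frozenset(methods), re.compile(pattern), owner_only)

# A list is addressed by its posting address or List-ID.  The character class is a
# deliberately narrow assumption so that anything unexpected simply fails to match.
LIST_ID = r"(?P<list_id>[A-Za-z0-9._@-]+)"

# Hypothetical role -> allowed-call table.  Anything not listed here is denied.
POLICY = {
    "user": [
        rule({"GET"}, r"^/3\.0/lists$"),
        rule({"GET"}, r"^/3\.0/lists/" + LIST_ID + r"$"),
    ],
    "list-owner": [
        rule({"GET", "PATCH"}, r"^/3\.0/lists/" + LIST_ID + r"/config$", owner_only=True),
        rule({"GET"}, r"^/3\.0/lists/" + LIST_ID + r"/roster/member$", owner_only=True),
    ],
    "site-admin": [
        rule({"GET", "POST", "PUT", "PATCH", "DELETE"}, r"^/3\.0/.*$"),
    ],
}

@dataclass(frozen=True)
class Principal:
    roles: frozenset
    owned_lists: frozenset = frozenset()  # lower-cased list addresses / List-IDs

def canonical_path(raw_target):
    """Decode the request target and return its path only if it is canonical.

    Deny rather than repair: '', '.' and '..' segments (percent-encoded or not)
    would make the core resolve a different resource than the regex matched.
    """
    path = unquote(urlsplit(raw_target).path)  # drops the query string too
    if not path.startswith("/") or "\x00" in path:
        return None
    if any(seg in ("", ".", "..") for seg in path[1:].split("/")):
        return None
    return path

def authorize(principal, method, raw_target):
    """Return (allowed, reason) for a request the proxy is about to forward."""
    path = canonical_path(raw_target)
    if path is None:
        return False, "non-canonical path"
    method = method.upper()
    for role in sorted(principal.roles):
        for r in POLICY.get(role, ()):
            if method not in r.methods:
                continue
            m = r.pattern.match(path)
            if m is None:
                continue
            if r.owner_only and m.group("list_id").lower() not in principal.owned_lists:
                continue  # right shape, wrong list: keep looking; the default is deny
            return True, f"{role}: {method} {r.pattern.pattern}"
    return False, "no rule matched"

if __name__ == "__main__":
    # Constructed sample principal and requests.
    owner = Principal(frozenset({"user", "list-owner"}), frozenset({"ant@example.com"}))
    for method, target in [
        ("PATCH", "/3.0/lists/ant@example.com/config"),
        ("PATCH", "/3.0/lists/bee@example.com/config"),
        ("GET", "/3.0/lists/ant@example.com/%2e%2e/bee@example.com/config"),
    ]:
        print(method, target, authorize(owner, method, target))
```

In a real deployment this check sits in the proxy's request handler after authentication has produced the `Principal`, and only requests for which `authorize` returns `True` are forwarded to the core with the core's own Basic-auth credentials; the core itself still listens only on a loopback or private address, exactly as Barry insists above.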