This question is primarily aimed at Richard, but anyone who's got some
insight or opinions is of course free to chime in...

As i understand it, the primary intention behind requiring the anonymous
user login is to keep spiders from crawling the whole repo history, and the
distinction between the two users is that anonymous gets hyperlinks and
guest does not.

In a JSON context, link-following is not an issue. There are no links, as
such, in JSON docs - though individual JSON strings might incidentally
contain HTML link strings, bots don't generically try to extract HTML text
from JSON. Doing anything at all with the data requires writing an
app-specific bot to do it.

Given that, would it be against fossil's nature if i reduce the JSON API's
authentication to only 2 levels: read and write? Non-logged-in users would
be read-only and logged in would have write access only if their user
profile allows it (and if it doesn't then logging in for JSON access doesn't
have any benefit at all for the client).

As far as i can see so far, the only ops which _need_ to be authenticated
(for purposes of a JSON interface) are write-ops, and so far none of those
are implemented. Commit, wiki-save, artifact-edit, etc., would be
authenticated using the existing per-user permissions.

:-?

-- 
----- stephan beal
http://wanderinghorse.net/home/stephan/
_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users