On Sun, Sep 11, 2011 at 12:55 AM, Stephan Beal <sgb...@googlemail.com> wrote:

> This question is primarily aimed at Richard, but anyone who's got some
> insight or opinions is of course free to chime in...
>
> As i understand it, the primary intention behind requiring the anonymous
> user login is to keep spiders from crawling the whole repo history, and the
> distinction between the two users is that anonymous gets hyperlinks and
> guest does not.
>
> In a JSON context, link-following is not an issue. There are no links...
>

There should be links. Without them, the interface is not fully RESTful. See http://martinfowler.com/articles/richardsonMaturityModel.html for further information. A key idea behind REST is that an application can be given a small number of "starter" URLs and it can discover all the other URLs it requires by following links.

> , as such, in JSON docs - though individual JSON strings might incidentally
> contain HTML link strings, bots don't generically try to extract HTML text
> from JSON. Doing anything at all with the data requires writing an
> app-specific bot to do it.
>
> Given that, would be against fossil's nature if i reduce the JSON API's
> authentication to only 2 levels: read and write? Non-logged in users would
> be read-only and logged in would have write access only if their user
> profile allows it (and if it doesn't then logging in for JSON access doesn't
> have any benefit at all for the client).
>
> As far as i can see so far, the only ops which _need_ to be authenticated
> (for purposes of a JSON interface) are write-ops, and so far none of those
> are implemented. Commit, wiki-save, artifact-edit, etc., would be
> authenticated using the existing per-user permissions.
>

Since spiders that follow JSON are not currently a problem, I think it would be OK to disregard the History permission on JSON-returning pages. Just keep in mind that at some point in the future, we might need to revisit this decision. So please don't paint us into a corner.

>
> :-?
>
> --
> ----- stephan beal
> http://wanderinghorse.net/home/stephan/
>
> _______________________________________________
> fossil-users mailing list
> fossil-users@lists.fossil-scm.org
> http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
>

--
D. Richard Hipp
d...@sqlite.org