* Kiffin Gish [2010-02-01 17:20]:
> I have a number of user-defined actions which are described
> with the user id like this:
>
> settings/user_id/(view|edit)
>
> Where user_id is the primary key into the users resultset.
> However, I do not want this to be visible to the end-user for
> security r
* Kiffin Gish [2010-02-06 11:25]:
> I'm not so sure that I agree, though I can appreciate your
> point of view.
>
> All I'm doing in fact is using the $user->id saved in the
> session, there being nothing papered over for authorization
> which is accomplished via the usual login mechanism.
I’m ta
On Fri, 2010-02-05 at 11:33 +0100, Aristotle Pagaltzis wrote:
> * Kiffin Gish [2010-02-01 17:20]:
> > I have a number of user-defined actions which are described
> > with the user id like this:
> >
> > settings/user_id/(view|edit)
> >
> > Where user_id is the primary key into the users resultset.
On Sat, Feb 6, 2010 at 2:25 AM, Kiffin Gish wrote:
>
> >
> > From an HTTP point of view it is unwise to make endpoint URIs
> > like that which can refer to many different resources at any one
> > point in time.
>
>
> I'm not so sure that I agree, though I can appreciate your point of
> view.
>
On Sat, Feb 6, 2010 at 4:35 PM, Bill Moseley wrote:
> Plus, it sure is handy in documentation to say:
> To update your personal profile go to: http://example.com/myprofile
> vs.
> To update your personal profile go to: http://example.com/user/ here>/profile
We have to points in urls for this: