View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0017236 | mantisbt | api soap | public | 2014-04-19 15:24 | 2014-05-03 16:52 |
Reporter | vboctor | Assigned To | |||
Priority | normal | Severity | minor | Reproducibility | have not tried |
Status | new | Resolution | open | ||
Product Version | 1.2.17 | ||||
Summary | 0017236: Support exposing some configuration anonymously | ||||
Description | There are scenarios where a subset of the configuration should be exposed anonymously. At this point we only expose the version number anonymously, but everything else requires a valid login to use the mc_config_get(). For example, if a client is to implement a login page, they don't have authentication yet, but they need to know information like:
So similar to config_is_private(), we will need config_is_anonymous() and for the ones that match that, we should return them without requiring authentication. There are three options:
For 1 and 2, we can return: The easiest solution is 3. My preferred solution is 1 + a. | ||||
Tags | No tags attached. | ||||
How about mc_config_get_all( $p_username, $p_password ) with proper access level checks? This would retrieve all configs available to the user, and take into account anonymous access if enabled. The advantage is that we keep the client API minimal. |
|
OK, so we are on the same page as far as retrieving N configs at a time and retrieving them anonymously. The issue with the approach you proposed is that it is inconsistent with the rest of API in that it supports anonymous access even if the instance doesn't allow it. This could be confusing. There is also no upside for giving more details in the anonymous case since typically this API will be used pre-login, so you will be providing potentially more data than needed in the case of instances that support anonymous, since some of these configs will change once the user logs in. Hence, I think we should have the following:
Note that for get_all, we will have to initially filter out configs that we can't serialize until the serialization for arrays is sorted out. |
|