On Fri, Jul 22, 2011 at 09:40, Benoit Chesneau <[email protected]> wrote: > On Fri, Jul 22, 2011 at 5:54 PM, Filipe David Manana > <[email protected]> wrote: >> On Fri, Jul 22, 2011 at 8:43 AM, Benoit Chesneau <[email protected]> wrote: >>> >>> Yup, but I think that's a bug then. I shouldn't have to set any >>> userctx imo. If no admin has been set, every user is an admin except >>> if we change the default behavior and then it's not consistent. >> >> This was discussed sometime before the 1.1.0 release in the security list. >> And it's a principle of the least privileges by default (roles is an >> empty list). >> >> > I've no problem with that, it's even good. But other part of the API > aren't consistent then. While _replicator is ok, I can still do this > operation on _replicate. I propose to port the same behavior > _replicate.OK for that?
I'd definitely prefer they be consistent. In fact, I've been arguing quietly for POST to _replicator to be exactly the _replicate API and to deprecate the latter. Isn't this possible?
