Hey there folks!

I'm looking at the endpoints for pages, which are specced out here
<http://wiki.apache.org/rave/RESTAPI>, and I have some questions for ya.

One question regards security and privacy. It seems that the /pages
endpoint returns the pages for every user, and is also accessible to every
user – even users who aren't admins. Would it be preferable for users to
only be allowed to see their own pages, for the sake of security and
privacy?

Another problem I see is that there's no way to get the pages for just a
single user. In the Angular app, when Jane Doe loads her home page all that
the API needs to give back are Jane Doe's pages. That's the most valuable
endpoint, I think, but I'm not seeing it listed on the spec.

In fact, I might go so far as to say that, from the perspective of the
frontend, that's the *only* endpoint that we need.

So the second suggestion is that we add some new endpoints for getting the
pages back for a specific user. And you only get data back if you are that
user or you're an admin.

What do y'all think?

James
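
The access rule proposed in the message above (data comes back only if the caller is that user or an admin), as an added example that is not part of the original message or of Rave's code. The class, record and method names and the sample data are hypothetical, and it assumes Java 16 or later.

```java
import java.util.List;
import java.util.stream.Collectors;

// Added example: every name here is hypothetical, not Rave's API.
public class UserPagesAccess {
    record Page(long id, String ownerId, String title) {}
    record Caller(String userId, boolean admin) {}

    static class ForbiddenException extends RuntimeException {
        ForbiddenException(String msg) { super(msg); }
    }

    // Constructed sample data standing in for the page store.
    static final List<Page> PAGES = List.of(
        new Page(1, "jane", "Jane's home"),
        new Page(2, "jane", "Jane's projects"),
        new Page(3, "john", "John's home"));

    // Logic for a per-user pages endpoint. The caller must come from the
    // authenticated session, never from a request parameter.
    static List<Page> pagesForUser(Caller caller, String requestedUserId) {
        if (caller == null) {
            throw new ForbiddenException("authentication required");
        }
        boolean isOwner = caller.userId().equals(requestedUserId);
        if (!isOwner && !caller.admin()) {
            // Same refusal whether or not the requested user exists, so the
            // endpoint does not reveal which user ids are valid.
            throw new ForbiddenException("not allowed to read these pages");
        }
        // Return only the rows owned by the requested user.
        return PAGES.stream()
            .filter(p -> p.ownerId().equals(requestedUserId))
            .collect(Collectors.toList());
    }

    public static void main(String[] args) {
        Caller jane = new Caller("jane", false);
        Caller admin = new Caller("root", true);
        System.out.println("jane reads jane: " + pagesForUser(jane, "jane"));
        System.out.println("admin reads john: " + pagesForUser(admin, "john"));
        try {
            pagesForUser(jane, "john"); // non-admin asking for another user
        } catch (ForbiddenException e) {
            System.out.println("jane reads john: denied (" + e.getMessage() + ")");
        }
    }
}
```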
