On Mar 30, 2017, at 09:45 PM, Jan Jancar wrote:
>This would also go well with an idea I had about the current state of
>the REST API and encrypted lists. With having decorators like
>"@exported_REST", another one could get introduced, something like
>"@requires_permission("some.perm.name")" which would introduce
>permission-based granularity to the REST API. Then multiple
>user:password pairs could be specified in a config with different
>permissions and so Mailman could provide different levels of API access
>to different apps.Our intention is to support permission based access to the REST API via an "authenticating proxy", which we call lemme: https://gitlab.com/mailman/lemme/tree/master and for an outline on how this might work: https://gitlab.com/mailman/lemme/blob/master/OUTLINE.rst We had good discussions about this at Pycon 2016, but haven't gotten very far in implementation details. I'm hoping we can spend a little bit of time on that this year. Cheers, -Barry
pgpYeAo5cY8pt.pgp
Description: OpenPGP digital signature
_______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
