Timeline for answer to How to deal with public vs private version of same resource in a RESTFul API? by Ewan
Current License: CC BY-SA 4.0
Post Revisions
13 events
| when | what | by | license | comment |
|---|---|---|---|---|
| yesterday | comment added | candied_orange | | On the names: I'm gonna come down against admin/inventory. I do think they should be different endpoints, but let's stay out of the business of deciding that only one role will ever need to see the list. A good name can be your salvation. I humbly suggest that the word /catalog is obviously public facing and /stock is not. Now each can be what it is without worrying about who, and be accessed by whatever roles are appropriate. This also supports distributed servers. You may have 48 of this item in stock but want the catalog of this server to only offer 4 at the moment. 12 servers can share stock. |
| 2 days ago | vote accept | user1620696 | | |
| 2 days ago | history edited | Ewan | CC BY-SA 4.0 | added 1326 characters in body |
| 2 days ago | comment added | Steve | | For example, an application may have actions like "send expensive purchase for authorisation" and "authorise expensive purchase", and clearly programming these two actions is relatively independent from programming checks on whether a particular login has the right to perform each action (i.e. access the relevant screens or push the relevant buttons). But these actions themselves are implicitly designed around two separate staff roles existing for security/control reasons in a business of a particular size: one submitting expensive purchases, another authorising them. (2/2) |
| 2 days ago | comment added | Steve | | @GregBurghardt, I agree with your points; business processes and staff roles are very often designed together, with security/trustworthiness/responsibility often foremost in designing a division of labour between roles. In a computer application, there may be a distinction between programming an action and programming checks on the right of a particular login to trigger that action, but the available actions themselves are usually designed around assumptions about how the business works (i.e. how staff roles and responsibilities are structured). (1/2) |
| 2 days ago | comment added | JimmyJames | | I think this is a cleaner approach. Instead of returning different responses depending on who is calling, you just determine what endpoints are allowable. If there's any desire for caching responses, this definitely simplifies things. |
| 2 days ago | comment added | Ewan | | Yeah, it's not perfect, but when I saw Hans-Martin's answer I was like... hmmmmm, I've got to mention this idea. If you want to use an off-the-shelf role-based security product, then you also want to not pass the roles into your BL layer. |
| 2 days ago | comment added | Greg Burghardt | | I think this answer is a good approach, but "naming things" becomes an issue. Instead of "show inactive inventory", I would prefer an endpoint split based on some root URL, like /inventory for customers, and /admin/inventory for admins. Honestly, though, roles bleed very easily into business logic, because user roles are often carved out of business requirements. I'm off on a tangent, and I admit that, but more and more I see "business rules" and "security" as the same thing. |
| 2 days ago | comment added | Ewan | | It's about separating permissions and roles: rather than passing the role into the logic, you have a permission, "see non-active", and assign it to the admin role. |
| 2 days ago | comment added | Caleth | | I'm just very suspicious of "we check access at the door so don't inside" as a security strategy. I'm also not convinced I understand "cross cutting concern" the way you do, because to me security as a cross cutting concern is a strike against your advice. |
| 2 days ago | comment added | Ewan | | ID and role are not the same. |
| 2 days ago | comment added | Caleth | | User identity is very often part of business logic. A customer should only be able to edit their own orders, not anyone else's. A user should see items in their "recommended" feed tailored to them, etc. |
| 2 days ago | history answered | Ewan | CC BY-SA 4.0 | |
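The approach argued over in the comments above (separate public and private endpoints, a permission such as "see non-active" granted to a role, access checked at the door, and business logic that never receives the role), as an added worked example. This code is not from Ewan's answer or from any commenter; the endpoint names /catalog and /stock are taken from candied_orange's suggestion, while the `see_inactive` permission, the `customer` and `admin` roles, the `Principal` class and the sample inventory are assumptions constructed for illustration.

```python
"""Added example (not from the original answer or comments): permission-based
authorization at the API edge, with the public and private views of the same
inventory served by separate endpoints so the business layer never sees a role.
Endpoint names, roles, permissions and inventory data are assumptions."""

from dataclasses import dataclass

# Constructed sample inventory: a mix of active (listed) and inactive items.
INVENTORY = [
    {"sku": "A100", "name": "Widget", "active": True, "on_hand": 48},
    {"sku": "B200", "name": "Gadget", "active": False, "on_hand": 12},
    {"sku": "C300", "name": "Gizmo", "active": True, "on_hand": 0},
]

# Roles are mapped to permissions in one place (assumed names). Business code
# below is written against permissions only, so roles can be renamed or added
# in an off-the-shelf RBAC product without touching it.
ROLE_PERMISSIONS = {
    "customer": frozenset(),
    "admin": frozenset({"see_inactive"}),
}


@dataclass(frozen=True)
class Principal:
    user_id: str
    roles: frozenset

    def has(self, permission: str) -> bool:
        return any(permission in ROLE_PERMISSIONS.get(r, frozenset())
                   for r in self.roles)


class Forbidden(Exception):
    pass


# --- business logic: no role or principal in sight -------------------------
def list_catalog():
    """Public view: active items, public fields only. Identical for every
    caller, so the response is safe to cache without varying on the user."""
    return [{"sku": i["sku"], "name": i["name"]} for i in INVENTORY if i["active"]]


def list_stock():
    """Private view: every item, including inactive ones, with on-hand counts."""
    return [dict(i) for i in INVENTORY]


# --- the door: each route declares the permission it requires ---------------
ROUTES = {
    "GET /catalog": (None, list_catalog),
    "GET /stock": ("see_inactive", list_stock),
}


def is_allowed(request_line: str, principal: Principal) -> bool:
    required, _ = ROUTES[request_line]
    return required is None or principal.has(required)


def handle(request_line: str, principal: Principal):
    """Check the permission before dispatch; the handler itself takes no
    principal, which is the separation the comments above are discussing."""
    if not is_allowed(request_line, principal):
        raise Forbidden(request_line)
    return ROUTES[request_line][1]()


if __name__ == "__main__":
    customer = Principal("u1", frozenset({"customer"}))
    admin = Principal("u2", frozenset({"admin"}))
    print(handle("GET /catalog", customer))
    print(handle("GET /stock", admin))
    print(is_allowed("GET /stock", customer))
```

Note what this does and does not cover: the route table answers "may this caller reach this view at all", which is exactly the concern JimmyJames raises about caching (the /catalog body does not vary by caller). Caleth's objection still stands for per-record rules such as "a customer may edit only their own orders"; those need the user ID inside the business logic, and this example deliberately keeps ID and role as different things.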