New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
auth token should pass through #1
Comments
I can see us defining domain objects that have serializers to handle the whitelisting + virtual attributes. Virtual attributes that get computed on a per req basis would be fine: just pass whatever "permissions" you need and the user might have in your request and deal with it based on that. |
dzucconi
pushed a commit
that referenced
this issue
May 5, 2016
starsirius
pushed a commit
that referenced
this issue
Aug 29, 2018
update submit_order to match new mutation style
4 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The unresolved issue I see here is authentication + caching. Ideally:
X-AUTH-TOKEN
is passed through the requestshow_carousel
).First thing that comes to mind is whitelisting attributes based on what is returned by a non-admin, and allowing those + whatever is computed to be returned in the response. We ideally don't want to deal with two sets of caches per admin and non-admin (and whatever else comes down the line). There may be some cases that I am overlooking here (
can_download_image
for example).The text was updated successfully, but these errors were encountered: