Version 4.0.0

@jimlambie jimlambie released this 11 Jul 08:53
· 524 commits to develop since this release

Added

Changed

  • #438: make CORS enabled by default
  • #447: adds an additional content type check when determining if the current request should be parsed by the JSON parsing middleware

BREAKING CHANGES

Access control list

The main change from version 3 to 4 is the introduction of the access control list. It's technically a breaking change, since any clients without {"accessType": "admin"} will lose access to everything by default. They need to be assigned permissions for the individual resources they should be able to access, either directly or via roles.

If you don't want to use the new advanced permissions and instead keep your clients with unrestricted access to API resources, make sure to set {"accessType": "admin"} in their database records. API doesn't currently offer a way to change this property via the endpoints, so you'll need to manually make this change in the database.
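A pre-upgrade audit of exported client records shows which clients keep unrestricted access and which will be locked out until they are given permissions. This is an added example, not code from the project; `accessType` comes from the notes above, while the `clientId`, `resources` and `roles` field names and the sample records are assumptions made for illustration.

```javascript
// Added example: audit client records before upgrading to version 4.
// `accessType` is from the release notes; `clientId`, `resources` and
// `roles` are assumed field names for this sketch.
function classifyClient(record) {
  // Only the exact value "admin" keeps unrestricted access.
  if (record.accessType === 'admin') return 'unrestricted'

  const resources = record.resources
  const hasResources =
    resources !== null &&
    typeof resources === 'object' &&
    Object.keys(resources).length > 0
  const hasRoles = Array.isArray(record.roles) && record.roles.length > 0

  // Permissions granted directly or via roles mean the client is scoped;
  // with neither, the client loses access to everything by default.
  return hasResources || hasRoles ? 'scoped' : 'losesAccess'
}

function auditClients(records) {
  const report = { unrestricted: [], scoped: [], losesAccess: [] }
  for (const record of records) {
    report[classifyClient(record)].push(record.clientId)
  }
  return report
}

// Constructed sample records, not taken from a real deployment.
const sampleClients = [
  { clientId: 'cms', accessType: 'admin' },
  { clientId: 'web', accessType: 'user' },
  { clientId: 'legacy' },
  { clientId: 'typo', accessType: 'Admin' }, // wrong case: not admin
  { clientId: 'reports', roles: ['reader'] },
  { clientId: 'mobile', resources: { 'collection:library_books': { read: true } } }
]

console.log(auditClients(sampleClients))
```

Clients reported as `unrestricted` are worth reviewing too, since `{"accessType": "admin"}` bypasses the new per-resource permissions entirely.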

Removal of write mode on configuration endpoints

Version 4 removes the ability for clients to create, modify and delete collections, custom endpoints or update the main API configuration. The read endpoints were kept – e.g. GET /api/config is valid, but POST /api/config is not.

Other breaking changes

  • Requesting a document by ID (e.g. /version/database/collection/doc123456) now returns a 404 if the given ID does not correspond to a valid document, instead of returning a 200 with an empty result set. This behaviour is consistent with the DELETE and PUT verbs.