
RESTful design and user roles

 
Rj Ewing
I'm trying to figure out how to lay out my REST services, but I'm having a bit of trouble when it comes to user roles, etc.

Is it preferred to have a single endpoint for retrieving a resource?

Some details.

Project resources can be public or private. Projects also have an admin and member users. Some requests I would like to make are:

1. get all projects I am an admin for.
2. get all projects I am a member of
3. get all public projects
4. get all projects I am a member of and are public

What would be the preferred way to lay out my endpoints? Should they all be under the "/projects/" endpoint, with the code and query params determining which projects to return?

Or what about the following (numbers match the above scenarios)?
1. /admin/projects
2. /users/{id}/projects/
3. /projects
4. /users/{id}/projects?includePublic=true

Any help on RESTful API design would be appreciated.
 
vipul bondugula
You should design the REST URI or API around resources, not roles.
Ex: /rest/users should be accessible to anyone with a role that allows them to see users.

Internally, you should implement role-based security. That implementation depends on the application. Ex: database-based or server-based role security implementation.
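An added example, not part of either post above: a sketch of the resource-centred layout, where one hypothetical `GET /projects` handler serves all four scenarios from the question. The `role` and `visibility` query parameters, the `Project` fields and the sample data are assumptions made for illustration; the point is that filters can only narrow what the authorization rule already allows the authenticated caller to read.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Project:
    id: int
    public: bool
    admins: frozenset
    members: frozenset


# Constructed sample data (not from the thread).
PROJECTS = [
    Project(1, True, frozenset({"alice"}), frozenset({"bob"})),
    Project(2, False, frozenset({"alice"}), frozenset({"carol"})),
    Project(3, False, frozenset({"bob"}), frozenset({"alice"})),
    Project(4, True, frozenset({"carol"}), frozenset()),
]


def can_read(user, project):
    """Authorization rule: public projects are readable by anyone,
    private ones only by their admins and members."""
    return project.public or user in project.admins or user in project.members


def list_projects(user, role=None, visibility=None):
    """Hypothetical handler for GET /projects?role=...&visibility=...

    `user` is the authenticated caller taken from the session or token,
    never from the URL; pass None for an anonymous caller.
    """
    if role not in (None, "admin", "member"):
        raise ValueError("unknown role filter")
    if visibility not in (None, "public", "private"):
        raise ValueError("unknown visibility filter")
    ids = []
    for p in PROJECTS:
        if not can_read(user, p):  # authorization first, on every row
            continue
        if role == "admin" and user not in p.admins:
            continue
        if role == "member" and user not in p.members:
            continue
        if visibility == "public" and not p.public:
            continue
        if visibility == "private" and p.public:
            continue
        ids.append(p.id)
    return ids
```

Because the caller identity never appears in the path, there is no `/users/{id}/projects` URL on which a per-id ownership check could be forgotten.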