Require user authentication in Core - and implement ACL in there
| Pro | Con |
| Very secure interface |
Lot's of work in the Core UI to be done |
| REST-API could be extended to remote clients (not Localhost only) |
you would need to authenticate to the Core |
| | difficult to know for WebUI what it is allowed to show |
Pass Optional User Levels with each item you get via REST
| Pro | Con |
| each UI could access these Level directly while working with an item |
Messing up the item |
| ACLs are treated optional - e.g. plugins could enable additional feautres | Lack of security once you've got Web Plugins |
| very easy to show and hide items in the WebUI based on ACL |
this only applys for list style values |
| complete rewrite of REST needed |
|
| | user-levels could be treated in DOC |
| Do we already have other than the mailman-web Django Project who access REST ? |
Implement it in the WebUI only
| Pro | Con |
| No need to change Core |
every UI would need to it again - e.g taking a look at the documentation Very big workload for every UI |
| | |
| |