commit ff08d11d8b86c0124555414689a7e8f845efe103
parent 1783f8ebb8ad56ebe549a56374b56ea389f4533a
Author: Christian Grothoff <christian@grothoff.org>
Date: Sat, 21 Jun 2025 20:01:19 +0200
-remove obsolete comment
Diffstat:
1 file changed, 0 insertions(+), 9 deletions(-)
diff --git a/src/backend/taler-merchant-httpd.c b/src/backend/taler-merchant-httpd.c
@@ -1348,15 +1348,6 @@ url_handler (void *cls,
{
.url_prefix = "/orders",
.method = MHD_HTTP_METHOD_GET,
- // FIXME: What is the abstraction-level for permissions?
- // We could have per endpoint permissions, and scopes as
- // collections of permissions.
- // But this will not allow fine-grained access control on the
- // semantics of the request! Is that required?
- // If not, each endpoint should have a permission string
- // The permission string(s) associated with a role/scope can
- // be defined in the config file.
- // E.g. order-simple = orders-get; order-pos = orders-get,orders-post
.permission = "orders-read",
.allow_deleted_instance = true,
.handler = &TMH_private_get_orders
