commit 3ef1480c35cf756935371587f760b0aa438dba62 parent 889ca899ad1c4797f0f61925221047e70bb63f88 Author: Martin Schanzenbach <schanzen@gnunet.org> Date: Thu, 19 Jun 2025 10:06:06 +0200 more examples Diffstat:
| M | design-documents/049-auth.rst | | | 3 | ++- |
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/design-documents/049-auth.rst b/design-documents/049-auth.rst @@ -163,7 +163,8 @@ Permissions =========== Each API request to an endpoint **may** be associated with a *permission*. -A permission is a descriptive string, e.g. ``orders-read``. +A permission is a descriptive string, e.g. ``orders-read`` for a ``GET`` request on the endpoint ``/private/orders``. +Another example would be ``orders-write`` for a ``POST`` or ``PUT`` request on the same endpoint. If no permission is defined for a request, no access control is enforced. Each component API **must** define and document appropriate permissions for its requests.