commit 4c6ff3f022ddde57f63d660c3ad737b00476f558
parent ee1a57ba8cc95e0babc0aa7707974e80d7d5a592
Author: Martin Schanzenbach <schanzen@gnunet.org>
Date: Thu, 19 Jun 2025 09:57:05 +0200
typo
Diffstat:
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/design-documents/049-auth.rst b/design-documents/049-auth.rst
@@ -163,8 +163,8 @@ Permissions
===========
Each API request to an endpoint **may** be associated with a *permission*.
-A permission is a descriptive string, e.g. ``orders-read``
-If no permission is defined for a request, the endpoint, no access control is enforced.
+A permission is a descriptive string, e.g. ``orders-read``.
+If no permission is defined for a request, no access control is enforced.
Permission strings best practice include that *read-only* access end with the suffix ``-read``, e.g. ``orders-read``.
If the access to the endpoint modifies the state it is suffixed with ``-write``, e.g. ``orders-write``.
