
Conversation

@mistic100 (Contributor) commented Aug 30, 2024

To be discussed.

I am trying to start working on my PWA based on the Piwigo WS and need some configuration parameters of the server.

  • I personally only need behaviour parameters, so everything directly related to the UI is not exposed, though the new method could have a parameter to choose what to get (general, ui, all ...?)

  • These parameters should not have any security impact, but if more are exposed, a test of the user role will be needed for some of them

@plegall (Member) commented Nov 7, 2024

While I like the idea of being able to fetch the configuration with an API call, I'm absolutely not comfortable providing such information to "anyone who asks". At the very least it should be "admin only". I would even prefer a "webmaster only" filter.

@mistic100 (Contributor, Author) commented Nov 7, 2024

In my case, the parameters I listed need to be "public". Those are only parameters related to the UI: how many comments to display, whether the rating widget is enabled, etc. If it is for admin/webmaster only, it is useless.

One should ask "what can I do with this information?", and because in the end the backend is doing all the necessary checks for each API call (like adding a comment or a rating), the answer is "nothing".

Which is not the case for every parameter, of course. That's why I proposed adding a role check if we want to expose more.
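The two positions above (public UI parameters versus admin/webmaster-gated ones) can coexist if the method is built on an explicit allowlist with role tiers rather than on the raw `$conf` array. The sketch below is an added example written for this discussion, not code from the pull request or from Piwigo itself. The method name `pwg.getConfig`, the tier layout and the configuration key names used as samples are assumptions; `is_admin()`, `is_webmaster()`, `PwgError`, `$service->addMethod()` and `WS_PARAM_FORCE_ARRAY` are existing Piwigo symbols used as the author understands them.

```php
<?php
// Added example, not Piwigo code. Role-tiered allowlist for a hypothetical
// "pwg.getConfig" web-service method. Only keys listed here can ever leave
// the server; everything else in $conf (DB credentials, secret keys, paths)
// is unreachable through this method no matter which role asks.
// Key names below are illustrative assumptions, not a validated list.
const CONFIG_TIERS = array(
  // Harmless UI/behaviour settings: the backend re-checks every write call,
  // so knowing these values gives an anonymous client nothing extra.
  'public'    => array('nb_comment_page', 'rate'),
  // Settings that describe moderation/upload policy: admins only.
  'admin'     => array('comments_validation', 'upload_form_max_files_per_request'),
  // Settings that describe the deployment itself: webmasters only.
  'webmaster' => array('gallery_title'),
);

/**
 * Filter the requested keys against the tiers the caller is entitled to.
 *
 * Default deny: any requested key that is not allowed for this caller fails
 * the whole call. An unknown key and a higher-tier key produce the same
 * answer, so the method cannot be used to probe which keys exist.
 *
 * @return array ['ok' => bool, 'denied' => string[], 'values' => array]
 */
function ws_filter_config(array $conf, array $requested, $is_admin, $is_webmaster)
{
  $allowed = CONFIG_TIERS['public'];
  if ($is_admin) {
    $allowed = array_merge($allowed, CONFIG_TIERS['admin']);
  }
  if ($is_webmaster) {
    // In Piwigo a webmaster is also an admin, so both tiers are merged.
    $allowed = array_merge($allowed, CONFIG_TIERS['webmaster']);
  }

  $denied = array_values(array_diff($requested, $allowed));
  if (!empty($denied)) {
    return array('ok' => false, 'denied' => $denied, 'values' => array());
  }

  $values = array();
  foreach ($requested as $key) {
    if (array_key_exists($key, $conf)) {
      $values[$key] = $conf[$key];
    }
  }
  return array('ok' => true, 'denied' => array(), 'values' => $values);
}

// Web-service handler in the usual Piwigo shape (assumed parameter name "keys").
function ws_getConfig($params, $service)
{
  global $conf;
  $result = ws_filter_config($conf, $params['keys'], is_admin(), is_webmaster());
  if (!$result['ok']) {
    // 401 is what other pwg.* methods return for missing privileges.
    return new PwgError(401, 'Access denied for: '.implode(', ', $result['denied']));
  }
  return $result['values'];
}

// Registration, assumed to live next to the other pwg.* methods:
// $service->addMethod(
//   'pwg.getConfig', 'ws_getConfig',
//   array('keys' => array('flags' => WS_PARAM_FORCE_ARRAY)),
//   'Returns selected configuration values, filtered by the caller\'s role.'
// );

// Stand-alone check with a constructed $conf (not a real installation):
$sample_conf = array(
  'nb_comment_page' => 10, 'rate' => true,
  'comments_validation' => false, 'db_password' => 'never-exposed',
);
$guest = ws_filter_config($sample_conf, array('nb_comment_page', 'rate'), false, false);
$leak  = ws_filter_config($sample_conf, array('rate', 'db_password'), true, true);
assert($guest['ok'] && $guest['values']['nb_comment_page'] === 10);
assert(!$leak['ok'] && $leak['denied'] === array('db_password'));
```

The design choice worth keeping from this sketch is the allowlist direction: the method enumerates what may be exposed per tier, so adding a new sensitive setting to `$conf` later never widens the API by accident, which a "return everything except a blocklist" implementation would.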
