Access to the accesslist membership lists?
You have:
/api/v1/journals/{username}/accesslists - GET, list of access lists for journal
How about allowing manipulation of accesslists by API? In parallel with your other URLs, we could have:
/api/v1/journals/{username}/accesslist/{accesslistid} - GET, list of members of access list; POST, save list of members of access list.
But honestly, I would feel better, as a developer, being able to add or subtract individual users from an accesslist, rather than having to overwrite the whole thing every time I made an edit. The latter seems like a recipe for really awful bugs.
Use cases: GET: being able to retrieve a list of members means I can back up my access lists, something that is important to me, and actually super hard. I've also kicked around an idea of combining such a feature with OpenID, such that I could run a website where if users authenticate there with their DW OpenID, they can have access to things based on my access lists – basically API access to my accesslist memberships lets me use DW's ACLs elsewhere. So I could, for instance, set up sound or PDF or video sharing just for people on my access lists. POST: remote/client management of membership.
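The overwrite concern raised in the comment above, as an added example that is not part of the original comment and not Dreamwidth code: two clients edit the same access list, first through a whole-list save and then through per-member edits. The `AccessListStore` class, its method names and the member names are hypothetical stand-ins for the proposed endpoints.

```python
# In-memory model of the proposed endpoints (hypothetical, for illustration).
# Member names are constructed sample data.

class AccessListStore:
    """Models one access list held server-side."""

    def __init__(self, members):
        self._members = set(members)

    def get_members(self):
        # Models GET .../accesslist/{accesslistid}: returns a snapshot copy.
        return set(self._members)

    def save_members(self, members):
        # Models POST of the whole member list: the last writer wins.
        self._members = set(members)

    def add_member(self, user):
        # Hypothetical per-member operation the comment asks for.
        self._members.add(user)

    def remove_member(self, user):
        # Hypothetical per-member removal; removing an absent user is a no-op.
        self._members.discard(user)


def whole_list_overwrite():
    store = AccessListStore({"alice", "bob", "carol"})
    # Two clients fetch the same snapshot before either one saves.
    client_a = store.get_members()
    client_b = store.get_members()
    # Client A revokes bob and saves the full list.
    client_a.discard("bob")
    store.save_members(client_a)
    # Client B adds dave to its stale snapshot and saves the full list.
    client_b.add("dave")
    store.save_members(client_b)  # silently restores bob's access
    return store.get_members()


def per_member_edits():
    store = AccessListStore({"alice", "bob", "carol"})
    # The same two intents, sent as individual edits, do not collide.
    store.remove_member("bob")
    store.add_member("dave")
    return store.get_members()


if __name__ == "__main__":
    print("whole-list save :", sorted(whole_list_overwrite()))
    print("per-member edits:", sorted(per_member_edits()))
```

With the whole-list save, the revoked member ends up back on the list because the second client wrote a stale copy; with per-member edits the revocation holds.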