Protect global endpoints

[wellingguzman]

We have two endpoints (/types and /server) that cannot be "protected" via ACL (Permissions).

Are these types of endpoints going to be admin-only, user-only or public?

[benhaynes]

And /install, right? I think these should be admin only (for the default env) or have a separate config? Not sure the best way to handle this... @rijkvanzanten ?

[rijkvanzanten]

(for the default env)

@benhaynes the environments don't come into play, since these are api global.

[rijkvanzanten]

The options so far:

1. Have them use the permissions system (ACL)
   This would basically mean all global endpoints are moving to use envs (/server/ping = /_/server/ping). This would mean we can use the "standard" auth flow and call it a day

2. We have to come up with a new auth flow for just these endpoints..
   I have no idea how this would work at this point in time.

[benhaynes]

I'd say let's go with option 1... we have enough to deal with, and I think that makes the most sense (since it uses something we already have).

[rijkvanzanten]

Note: These endpoints should be accessible by all logged in users, not just admins.

[rijkvanzanten]

/install can be blocked off to just admins though, but the others are being used by the app

[wellingguzman]

We cannot block /install to admin, because we don't have admin before installation.

Like with /installation 6.x this is public endpoint that will be block after the first installation. (maybe after first installation will be admin-only, to install more environments?)

Having in inside environments (/_/) only make per environments but still we don't have a specific permission that we can check against, such as read or create.

Example, for item comments, how we can check if the user is allowed to comment on a item?