Would you see these two issues separate to:


a)      Possibly adding a “token” style authentication (this was discussed on the old google wave site I believe)

b)      “Permissions” system for the API itself


I ask as B above would allow one to call api call X but not Y - I’m asking as I’m wondering if the solution for B + mc_issue_get_access should be one thing, or whether they are two different things – i.e. controlling whether someone can use the API to do X (e.g. call issue_update) and telling a client what roles the user accessing the API has under issue_update e.g. add but not remove tags when updating an issue.




From: Victor Boctor []
Sent: 19 April 2014 20:28
To: MantisBT Dev Mailing List
Subject: [mantisbt-dev] Thoughts on SOAP issues


Please add your thoughts to the issues below in the tracker.


17236: Support exposing some configuration anonymously


13443: mc_issue_get_access