I'm trying to figure out the best (and most RESTful) way to handle user roles with regard to the data returned.
For example, for a resource named user, we only show obfuscated_id to regular users and no phone_number. But for an admin, we return the regular id and also the user's phone_number.
What's the design for this? One option is to create \admin\users and \users, which means I will need to have two routes for a single resource, which sounds a bit unRESTful.
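One way to keep a single /users/{id} route and let the caller's role decide the representation, as an added example that is not part of the original post. It assumes a two-role model ("user" and "admin"), an allow-list of fields per role, and an HMAC-based obfuscated id; the sample record, key and role names are constructed for illustration.

```python
"""Role-dependent representation of a single /users/{id} resource.

Added example (not from the original post). It assumes a two-role model
("user" and "admin") and an HMAC-based obfuscated id; the record shape,
secret key and role names are all constructed for illustration.
"""
import hashlib
import hmac
from typing import Any

# Constructed sample data and key; a real deployment would load the key
# from its secret store and the record from the database.
OBFUSCATION_KEY = b"example-key-do-not-reuse"
USERS = {
    42: {"id": 42, "name": "alice", "phone_number": "+1-555-0100"},
}

# Allow-list of fields each role may see. Fields absent here are never
# emitted, so a newly added column is private by default.
FIELDS_BY_ROLE = {
    "user": ("obfuscated_id", "name"),
    "admin": ("id", "obfuscated_id", "name", "phone_number"),
}


def obfuscate_id(user_id: int) -> str:
    """Stable, keyed, non-reversible public identifier for a user."""
    digest = hmac.new(OBFUSCATION_KEY, str(user_id).encode(), hashlib.sha256).hexdigest()
    return digest[:16]


def represent_user(record: dict[str, Any], role: str) -> dict[str, Any]:
    """Build the response body for one user as seen by the given role."""
    allowed = FIELDS_BY_ROLE.get(role)
    if allowed is None:
        raise PermissionError(f"unknown role {role!r}")
    full = dict(record)
    full["obfuscated_id"] = obfuscate_id(record["id"])
    # Emit only allow-listed fields, in a fixed order.
    return {field: full[field] for field in allowed if field in full}


def get_user(user_id: int, role: str) -> tuple[int, dict[str, Any]]:
    """Handler for GET /users/{id}: one route, the role decides the shape.

    The role must come from the authenticated session, never from a
    client-supplied query parameter or header.
    """
    record = USERS.get(user_id)
    if record is None:
        return 404, {"error": "not found"}
    try:
        return 200, represent_user(record, role)
    except PermissionError:
        return 403, {"error": "forbidden"}


if __name__ == "__main__":
    print(get_user(42, "user"))
    print(get_user(42, "admin"))
```

The important design choice is the allow-list: the response is built from the fields a role is permitted to see rather than by deleting sensitive fields from the full record, so a column added later does not leak by default. The obfuscated id is keyed, so a regular user cannot derive the internal id from it, while both roles see the same stable public identifier.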