Forum OpenACS Development: Re: API Browser Support for Other Programming Languages

Posted by Iuri Sampaio on
If I understood correctly you need, the best way to inhibit api-browser from the user is to work properly with permission system.
Site-wide-administration, SWA, is designed to own (i.e. have access) the entire system, to access api-browser, developer support tools, and a bunch of other features. You don't want to change that. Believe me!

A Subsite administrator is the one you should be setting up to be your admin for site administration tasks.

Could you create a custom package for that?
A possibility is to make it available to site admins, then they won’t have access to the api-browser section, but they will have access to your "custom code library" package.

Best wishes

Posted by Carl Lemp on
What I would like to do is allow the user to use the api-browser but only them to browse packages they loaded, not packages that are part of the base system.

If I understand your answer correctly, the api-browser has site-wide-administration permissions and it is bad idea to change those permissions. So, to do what I want, the best way would be to create a separate package with the same capabilities (maybe starting with the same code?) as the api-browser and set the permissions of that package as I need them. Is that correct?


Posted by Gustaf Neumann on
Actually, i do not see the big problem in changing permissions of the api-browser.

The api-browser was designed and implemented as a singleton package for providing documentation for developers about the code running on this instance (there is only one code basis). If one wants multiple instances to be used for different purposes, maybe in multiple subsites, one has to
- remove the singleton-property (with all consequences),
- make the package subsite-aware (maybe not much),
- provide configuration options per instance (what kind of code you want to see),
- extend the API in what instance the data should be seen (and maybe provide as well source-code language information)
- extend the data-model (i.e. the nsvs, naming etc.)

This is some effort, but it it look in general doable to me, since the existing API and datastructures are rather simple. One should be able to provide default settings, such that existing usages can continue to work unmodified.