Currently, the permissions are just given on the borgstore.server.rest commandline.
So, e.g. one could run a backend on the server, which is read-only or no-delete (~ "append only").
But, usually users will want to periodically switch to a more permissive mode, e.g. to prune archives and run compact. Having to reconfigure the server for that is no good. :-)
Thus, if we use user/password authentication, we need to derive authenticated_user --> permissions.
If we would switch to api tokens, it would be api_token -> permissions.
Currently, the permissions are just given on the
borgstore.server.restcommandline.So, e.g. one could run a backend on the server, which is read-only or no-delete (~ "append only").
But, usually users will want to periodically switch to a more permissive mode, e.g. to prune archives and run compact. Having to reconfigure the server for that is no good. :-)
Thus, if we use user/password authentication, we need to derive authenticated_user --> permissions.
If we would switch to api tokens, it would be api_token -> permissions.