I’m trying to set up a API using the CakeDC API along with their Users plug-in. Unfortunately the documentation isn’t the easiest to follow.
Basically I have some users (a user, a editor and a admin).
For example, I have a CitiesController (add/edit/view/delete)
The regular User should only be able to call the index and view methods.
The Editor can index, view, edit, add
The Admin can index, view, edit, add Delete.
In the User’s plugin I can set this up with SimpleRbac and it works great.
I’m not sure how to translate this into the API plug-in, it looks like it supports RBAC and there’s a way you can set tokens in the User table, but seems like that doesn’t affect what you can access, i.e. it seems to either everything is locked down or the entire site’s is open via the API (not something I want to let near a production server!)
Is anybody using it and might be able to offer some tips how to get started with it?