gustafn committed on 27 Oct 22
Deactivate api-doc access for all registered users by default

Over many years, all "Registered Users" got per default access
to /api-doc. This is probably OK, when one assumes that the
registered users are developers. However, providing source code
access to all registered users can pose a security threat,
especially on large sites.

For new installs, api-doc is now just accessible for site-wide admins.
Providing more liberal rights for users can be achieved via
setting the permissions via the sitemap.
