I am not sure how this fits into Stack Overflow's moderation guidelines, but I did not at the time of writing http://stackoverflow.com/questions/2132716/can-an-url-really-be-considered-to-be-the-only-key-for-a-http-response have this particular case in mind, and so decided to continue with this one.

The old story: say one has a site where users need to fetch private assets for authoring, be these images, sounds etc. The problem of URLs for these is now considered resolved in the "first part" of the question. What if, however, users need to fetch the index of their assets (i.e. enumerate them to display as a gallery), and even though the assets are strictly private, site administrators must also be able to access these, for providing support etc.? I originally thought of the following URL for such an index:

 http://mydomain/user/assets/index

which would indeed work if accessed by a client carrying user authentication and authorization in a cookie. The server will be able to deduce which user's asset index to retrieve. The problem arises when a site administrator needs to fetch some user's asset index; this is where the URL above is absolutely insufficient for such index identification. The site administrator's user agent only sends authentication and authorization for the site administrator himself; it does not in fact identify the user to fetch the asset index for. Is then the best solution to identify the user by the URL, like below?

 http://mydomain/user/<user_id>/assets/index

Thank you for your time.

+2  A: 

I would make a completely separate access path for admin activities:

 http://mydomain/this-user/admin/that-user/assets/index

This way, admin is a service, just like any other service (such as your assets service)

Roland Bouman
Interesting idea, actually. It doesn't answer my question as such, but thanks, absolutely! I will think about it...
amn
Doesn't this just complicate the situation? If the authentication is being passed in the cookie then 'this-user' is redundant and the URL could be abbreviated to "http://mydomain/admin/that-user/assets/index" but even then I think the final 'selector' here is 'that-user' so the URL should be "http://mydomain/admin/assets/index/that-user". I am thinking of this in terms of MVC with a controller/action/index structure.
Lazarus
Lazarus, I agree with regard to identifying the current user with a cookie. As for the rest of the URL - it's mainly a matter of preference, as far as I am concerned. You just have to settle for some, hopefully consistent, way to address your resources. I understand that it's possible to map components of MVC to parts of the URL; it seems to me it is completely arbitrary how you do that. Your formatting seems 'system-centric' to me, whereas putting the user first and then the action is more 'user-centric'. I couldn't care either way - to me both are valid. I just mimicked the format of the OP.
Roland Bouman
I would say it is a matter of preference. URLs are mostly read and typed by people visiting websites, and should be adapted to their thinking, not ours (devs). The "selector" style you are proposing works better for XPath IMO, it may or may not be readable to a Joe. Also, with the '/' character in URLs, and the strong adoption of the concept of files in culture, I would say a normalized hierarchical structure works best for the purpose. By "normalized" I mean that Joe will have a lot of private resources of all kinds - it would make sense to have the user ID as early in the URL as possible.
amn
+2  A: 

I'd probably look to pass the user_id as a parameter rather than in the URL; this would allow you to keep your URI consistent, i.e.:

http://mydomain/user/assets/index?uid=<user_id>

or

http://mydomain/user/assets/index/<user_id>
Lazarus
Well, I use URL rewriting anyway (URLs with query strings are often not cached), so I consider the first option maligned here. I don't see the difference between the second and the one I suggested - they merely have user id variable value specified in different places? Since both assets and their index belong to the user himself, I think it would be fairly optimal to have http://mydomain/user/<user_id>/assets{/index}? If there are good reasons to do it the way you suggest with the second option, I am all ears :-)
amn
Caching will normally cache based on the entire URL unless you specify otherwise but that's neither here nor there. A URL/URI to me is a progression, a path to your target. The path here is to retrieve the user asset index for user_id not the user user_id asset index as the 'user' in question is the authenticated user not the owner of the assets. It's somewhat pedantic but to me it feels cleaner than your suggestion.
Lazarus
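
An added example, not part of the original thread or any poster's code: one way to serve the `/user/<user_id>/assets/index` URL from the question so that the URL only names whose index is wanted, while the cookie-authenticated identity decides whether it is returned. The `Principal` type, the `ASSETS` data and the `AUDIT` list are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

# URL shape from the question: /user/<user_id>/assets/index
ASSET_INDEX = re.compile(r"/user/(?P<owner>[A-Za-z0-9_-]{1,64})/assets/index")

# Constructed sample data and an in-memory audit trail (both hypothetical).
ASSETS = {"alice": ["logo.png", "intro.ogg"], "bob": ["photo.jpg"]}
AUDIT = []

@dataclass(frozen=True)
class Principal:
    """Identity the session cookie authenticated."""
    user_id: str
    is_admin: bool = False

def asset_index(path, principal):
    """Handle GET on the asset index; returns (status, headers, body)."""
    match = ASSET_INDEX.fullmatch(path)
    if match is None:
        return 404, {}, []
    if principal is None:  # no valid session cookie
        return 401, {"Cache-Control": "no-store"}, []
    owner = match.group("owner")
    # The URL says whose index is wanted; the cookie says who is asking.
    is_owner = principal.user_id == owner
    if not (is_owner or principal.is_admin) or owner not in ASSETS:
        # Same reply for "not yours" and "no such user", so user ids
        # cannot be enumerated by comparing status codes.
        return 404, {"Cache-Control": "no-store"}, []
    if not is_owner:
        AUDIT.append((principal.user_id, owner))  # admin support access
    # One URL now has per-requester answers: keep it out of shared caches.
    return 200, {"Cache-Control": "private"}, sorted(ASSETS[owner])

if __name__ == "__main__":
    for who in (Principal("alice"), Principal("bob"), Principal("root", True), None):
        print(who, asset_index("/user/alice/assets/index", who)[0])
```
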