Code review comment for lp:~joetalbott/uci-engine/add_v2_skeleton

Joe,

Before we dive into this. Why is it necessary to provide a v2 API for supporting authentication/authorization ?

Why can't we right an Authorization class that accommodates our needs [1] and apply that to all existing v1 resources ? Since authorization procedure is pretty homogeneous to all resources.

[1] unrestricted access for requests coming from Lander & GK (bundle.request.META.REMOTE_HOST matching against intercom private-address relations), read-only access to non-private content and write access to logged in users (bundle.request.user.is_authenticated)