Handle filter parameters on API requests
As discussed with @jure, clients need to be able to add filter parameters to API queries. For example:
- retrieve teams attached to a collection:
/api/teams?collection=foo
- retrieve teams of a certain type attached to a collection:
/api/teams?teamType=editor&collection=foo
- retrieve collections or fragments of a certain type:
/api/fragments?fragmentType=project
- retrieve users with a certain role:
/api/users?editor=true
?
Clients should only be allowed to filter on properties that they have permission to read, so that information isn't accidentally exposed.