*I'm not sure that the /pages endpoint ACTUALLY works that way - it just should.*
Ah, of course. My apologies, I misunderstood you before. I agree with ya. *I can point you towards where it is used in the angular branch* Awesome, I appreciate that. Thanks for your help, Erin! On Thu, Aug 21, 2014 at 2:48 PM, Erin Noe-Payne <[email protected]> wrote: > I'm not sure that the /pages endpoint ACTUALLY works that way - it just > should. > > > I'm also not sure about documentation on the pages for render resource > but I can point you towards where it is used in the angular branch: > > https://github.com/apache/rave/blob/angular/rave-portal-resources/src/main/webapp/static/script/common/resources/PagesForRenderResource.js > > On Thu, Aug 21, 2014 at 12:29 PM, Jmeas Apache <[email protected]> > wrote: > > *In otherwords the /pages endpoint returns alist of all pages that a > given > > user is allowed to see.* > > > > Interesting. I wasn't able to reproduce this on the master branch with > > jane.doe as the user (who doesn't have admin rights). She can see > > everyone's pages. Might I be doing something wrong? Or might the master > > branch be outdated relative to the Angular branch in this regard? > > > > *there is a "pages for render" endpoint* > > > > Oh, really? Awesome! Is this documented somewhere? > > > > > > On Thu, Aug 21, 2014 at 2:25 PM, Erin Noe-Payne < > [email protected]> > > wrote: > > > >> In concept the /pages endpoint is only accessible as a logged in user, > >> and the list of pages returned to a given user will always be filtered > >> via their permissions. In otherwords the /pages endpoint returns a > >> list of all pages that a given user is allowed to see. > >> > >> Regarding the needs of the angular application, there is a "pages for > >> render" endpoint, because a page or pages need to be composed with its > >> regions, widgets, and security tokens before the widgets can actually > >> be rendered for the client. > >> > >> On Thu, Aug 21, 2014 at 12:04 PM, Jmeas Apache <[email protected]> > >> wrote: > >> > Hey there folks! > >> > > >> > I'm looking at the endpoints for pages, which are specced out here > >> > <http://wiki.apache.org/rave/RESTAPI>, and I have some questions for > ya. > >> > > >> > One questions regards security and privacy. It seems that the /pages > >> > endpoint returns the pages for every user, and is also accessible to > >> every > >> > user – even users who aren't admins. Would it be preferable for users > to > >> > only be allowed to see their own pages, for the sake of security and > >> > privacy? > >> > > >> > Another problem I see is that there's no way to get the pages for > just a > >> > single user. In the Angular app, when Jane Doe loads her home page all > >> that > >> > the API needs to give back are Jane Doe's pages. That's the most > valuable > >> > endpoint, I think, but I'm not seeing it listed on the spec. > >> > > >> > In fact, I might go so far as to say that, from the perspective of the > >> > frontend, that's the *only *endpoint that we need. > >> > > >> > So the second suggestion is that we add some new endpoints for getting > >> the > >> > pages back for a specific user. And you only get data back if you are > >> that > >> > user or you're an admin. > >> > > >> > What do y'all think? > >> > > >> > James > >> >
