The resource is used in the portal routing here: https://github.com/apache/rave/blob/angular/rave-portal-resources/src/main/webapp/static/script/portal/routes.js#L34
In that case the URL being hit is pages/render/portal/@self On Thu, Aug 21, 2014 at 1:35 PM, Jmeas Apache <[email protected]> wrote: > Erin, this is a bit of a tangent, but might you know of an example URL I > can hit that would return results for the render endpoint? > > There are three parts to the URL: context, identifier, and ID. I'm trying > to see what the endpoint returns, but I'm not sure what these values > represent. Are there example values you know of that I can place into the > URL to get a response from the API? > > James > > > On Thu, Aug 21, 2014 at 2:50 PM, Jmeas Apache <[email protected]> > wrote: > >> *I'm not sure that the /pages endpoint ACTUALLY works that way - it just >> should.* >> >> Ah, of course. My apologies, I misunderstood you before. I agree with ya. >> >> *I can point you towards where it is used in the angular branch* >> >> Awesome, I appreciate that. Thanks for your help, Erin! >> >> >> On Thu, Aug 21, 2014 at 2:48 PM, Erin Noe-Payne <[email protected]> >> wrote: >> >>> I'm not sure that the /pages endpoint ACTUALLY works that way - it just >>> should. >>> >>> >>> I'm also not sure about documentation on the pages for render resource >>> but I can point you towards where it is used in the angular branch: >>> >>> https://github.com/apache/rave/blob/angular/rave-portal-resources/src/main/webapp/static/script/common/resources/PagesForRenderResource.js >>> >>> On Thu, Aug 21, 2014 at 12:29 PM, Jmeas Apache <[email protected]> >>> wrote: >>> > *In otherwords the /pages endpoint returns alist of all pages that a >>> given >>> > user is allowed to see.* >>> > >>> > Interesting. I wasn't able to reproduce this on the master branch with >>> > jane.doe as the user (who doesn't have admin rights). She can see >>> > everyone's pages. Might I be doing something wrong? Or might the master >>> > branch be outdated relative to the Angular branch in this regard? >>> > >>> > *there is a "pages for render" endpoint* >>> > >>> > Oh, really? Awesome! Is this documented somewhere? >>> > >>> > >>> > On Thu, Aug 21, 2014 at 2:25 PM, Erin Noe-Payne < >>> [email protected]> >>> > wrote: >>> > >>> >> In concept the /pages endpoint is only accessible as a logged in user, >>> >> and the list of pages returned to a given user will always be filtered >>> >> via their permissions. In otherwords the /pages endpoint returns a >>> >> list of all pages that a given user is allowed to see. >>> >> >>> >> Regarding the needs of the angular application, there is a "pages for >>> >> render" endpoint, because a page or pages need to be composed with its >>> >> regions, widgets, and security tokens before the widgets can actually >>> >> be rendered for the client. >>> >> >>> >> On Thu, Aug 21, 2014 at 12:04 PM, Jmeas Apache <[email protected] >>> > >>> >> wrote: >>> >> > Hey there folks! >>> >> > >>> >> > I'm looking at the endpoints for pages, which are specced out here >>> >> > <http://wiki.apache.org/rave/RESTAPI>, and I have some questions >>> for ya. >>> >> > >>> >> > One questions regards security and privacy. It seems that the /pages >>> >> > endpoint returns the pages for every user, and is also accessible to >>> >> every >>> >> > user – even users who aren't admins. Would it be preferable for >>> users to >>> >> > only be allowed to see their own pages, for the sake of security and >>> >> > privacy? >>> >> > >>> >> > Another problem I see is that there's no way to get the pages for >>> just a >>> >> > single user. In the Angular app, when Jane Doe loads her home page >>> all >>> >> that >>> >> > the API needs to give back are Jane Doe's pages. That's the most >>> valuable >>> >> > endpoint, I think, but I'm not seeing it listed on the spec. >>> >> > >>> >> > In fact, I might go so far as to say that, from the perspective of >>> the >>> >> > frontend, that's the *only *endpoint that we need. >>> >> > >>> >> > So the second suggestion is that we add some new endpoints for >>> getting >>> >> the >>> >> > pages back for a specific user. And you only get data back if you are >>> >> that >>> >> > user or you're an admin. >>> >> > >>> >> > What do y'all think? >>> >> > >>> >> > James >>> >> >>> >> >>
