On Fri, Jan 28, 2011 at 2:01 PM, Stephan Beal <[email protected]> wrote:
> On Fri, Jan 28, 2011 at 10:39 PM, Brian Smith <[email protected]> wrote:
>>
>> Absolutely. I hope I wasn't coming off as belligerent. I like the
>> half-way compromise.
>
> LOL! By no means did you come across as belligerent.
>

Good.

>
> i'm currently looking into how i can do this for the cgi interface, but i
> think i'll have to add a separate page, e.g. /timeline/json, in order to
> avoid touching/refactoring the existing page_timeline() impl too much. That
> impl outputs a page header and whatnot, and i don't have to have to "if"
> that type of thing out if i can avoid it.
>
> One problem we _might_ have when fetching json over cgi from scripts (or non
> browsers, to be exact), is that of access rights. Does the guest (which is
> who we will effectively be) have access to all the timeline info we will be
> publishing?
>

Only if it's configured as such. I have a repo that is completely
locked down. Doing anything more than viewing the login page requires
a login.

Just follow the permissions checking done in the regular timeline
page. If remote automated scripts need access, they can get a cookie
and use that. Also, for localhost, 'fossil ui/server' allows
unauthenticated access by default, under the assumption that localhost
is trusted.

-B
_______________________________________________
fossil-users mailing list
[email protected]
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
