[mashup-dev] [jira] Commented: (MASHUP-680) Can perform activity search without sign-in to the system

Fri, 14 Mar 2008 16:14:00 -0700 

    [ 
https://wso2.org/jira/browse/MASHUP-680?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15986#action_15986
 ] 

Jonathan Marsh commented on MASHUP-680:
---------------------------------------

I contemplated this for a while, and came to the following conclusions:

1) Some of the data available through the Recent Activity query is unavailable 
through other means (e.g. I could compile a list of all the comments on all 
mashups, and reproduce the comments activity.)  Such data should be 
consistently private or public.  In the case of comments, I think public.

2) The data that isn't otherwise available (who precisely tagged a mashup and 
when, who precisely rated a mashup and when, and when a mashup was updated) 
doesn't seem terribly useful to hide.

3) We currently don't hide any data or content depending on who's logged in.  
The only thing we do is hide facilities to add or edit the data (e.g. add a 
tag) from anonymous users in order to keep an author associated with each piece 
of data in the system.  This helps establish trust and prevents abuse from 
anonymous users.  Although there are reasons to make this model more 
sophisticated (e.g. only allow my friends to see my mashup), hiding recent 
activity queries seems like doodling at the edges of a much larger change in 
our system - adding "read" permissions alongside the current "write" 
permissions.

> Can perform activity search without sign-in to the system
> ---------------------------------------------------------
>
>                 Key: MASHUP-680
>                 URL: https://wso2.org/jira/browse/MASHUP-680
>             Project: WSO2 Mashup Server
>          Issue Type: Bug
>          Components: Admin UI
>         Environment: WinXP, JDK1.5
>            Reporter: Yumani Ranaweera
>            Assignee: Jonathan Marsh
>            Priority: Minor
>
> Currently it allows you to do an activity search without signing-in to the 
> system. Shouldn't this be disabled until the user signed-in?

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
https://wso2.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

_______________________________________________
Mashup-dev mailing list
[email protected]
http://www.wso2.org/cgi-bin/mailman/listinfo/mashup-dev

Reply via email to