Yeah, we probably need to check to see if they can read the page. For instance, imagine a private wiki -- if you could edit a page somewhere (say a general discussion area) you could plop down a map and see all the locations they'd plotted.
I agree it's an edge case, but checking may.read() on Page() isn't that hard -- the ACL information is cached. -philip 2009/3/30 Brent Laabs <bsla...@gmail.com>: > I just had sort of a wild idea. Alex and I are building an overview map of > all of a wiki's pages, so data from every mapped page will be displayed. Do > we need to care about access control on individual pages? Particularly with > regard to read access. Or can we just read the all the points? > > My personal opinion is not caring if everyone can read the map points, since > it's easier and takes less database queries. Still, I thought I'd ask if > anyone else here has strong opinions to the contrary. > > Brent > > _______________________________________________ > Sycamore-Dev mailing list > sycamore-...@wikispot.org > http://www.projectsycamore.org/ > https://tools.cernio.com/pipermail/sycamore-dev/ > https://tools.cernio.com/mailman/listinfo/sycamore-dev > > _______________________________________________ Sycamore-Dev mailing list sycamore-...@wikispot.org http://www.projectsycamore.org/ https://tools.cernio.com/pipermail/sycamore-dev/ https://tools.cernio.com/mailman/listinfo/sycamore-dev
