On Nov 21, 2007 5:47 AM, Thinkboy <[EMAIL PROTECTED]> wrote: > I am thinking how to set a certain blog as private , then whoever > trying to view this entry will be authenticated.
What if weblog posts had the following levels of privacy: - Private: only members of the blog can see the entry - Protected: only logged in Roller users can see the entry - Public: everybody (including anonymous visitors) can see the entry Would that be sufficient? > of course, i am not referring the servlet security spec. > how about a tag / or extra column for weblog entry. when we view a > page , set a pointcut to verify this special tag, > and protect this by acegi . We don't do any AOP in Roller, so point-cut is out. And we don't want to depend directly on Acegi because Roller should also be able to work with Container Manager Authentication (CMA) too. I think we could implement the levels of privacy above using the Roller 4.1 permission system, plus one additional field on each entry. However, the implications on caching and feeds could make things a little complex. We'd need to think through those issues very carefully. Discussions like this should probably happen on the dev list. - Dave
