launchpad-dev team mailing list archive

[Curtis Hovey <curtis.hovey@xxxxxxxxxxxxx>]

On Mon, 2010-11-08 at 16:06 +0000, Julian Edwards wrote:
> 
> Have you considered the case where a page is made up of private and
> non-
> private objects?  The /builders page has this situation (among
> others). 

Not with a privacy stripe. There was discussion in the past of
decorating private items in a page with a lock. Private bugs have a lock
badge on them, but there was no decision to make it uniform since badges
are not a universal Launchpad concept.

In the case of private teams, you cannot access anything on the object
if you do not have permission, so we use a tales formatter to ensure
access to displayname and url do not cause a 403 for the whole page. We
then changed queries that could return private teams to only include
them when the user has permission. The SQL is often like:
public=True UNION private=False AND user in (TeamParticipation).

-- 
__Curtis C. Hovey_________
http://launchpad.net/

Attachment: signature.asc
Description: This is a digitally signed message part