launchpad-dev team mailing list archive

[Julian Edwards <julian.edwards@xxxxxxxxxxxxx>]

On Monday 08 November 2010 16:28:20 Curtis Hovey wrote:
> On Mon, 2010-11-08 at 16:06 +0000, Julian Edwards wrote:
> > Have you considered the case where a page is made up of private and
> > non-
> > private objects?  The /builders page has this situation (among
> > others).
> 
> Not with a privacy stripe. There was discussion in the past of
> decorating private items in a page with a lock. Private bugs have a lock
> badge on them, but there was no decision to make it uniform since badges
> are not a universal Launchpad concept.
> 
> In the case of private teams, you cannot access anything on the object
> if you do not have permission, so we use a tales formatter to ensure
> access to displayname and url do not cause a 403 for the whole page. We
> then changed queries that could return private teams to only include
> them when the user has permission. The SQL is often like:
> public=True UNION private=False AND user in (TeamParticipation).


In that case I am a little confused, because jml said that it was in the LEP 
earlier in the thread today.  Or jml, were you talking about something 
slightly different?

I'm not a visual designer by any stretch of the imagination so I'm unsure of 
how best to render in-page private items that you can see, but doing it 
consistenly across LP surely has to be a priority.  It would be nice to do it 
all in the view class code somewhere too where you can specify alternate text 
to display for unauthorised users.

Cheers.