[mashup-dev] [jira] Commented: (MASHUP-680) Can perform activity search without sign-in to the system

Jonathan Marsh (JIRA) jira at wso2.org
Fri Mar 14 16:13:45 PDT 2008 

    [ https://wso2.org/jira/browse/MASHUP-680?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15986#action_15986 ] 

Jonathan Marsh commented on MASHUP-680:
---------------------------------------

I contemplated this for a while, and came to the following conclusions:

1) Some of the data available through the Recent Activity query is unavailable through other means (e.g. I could compile a list of all the comments on all mashups, and reproduce the comments activity.)  Such data should be consistently private or public.  In the case of comments, I think public.

2) The data that isn't otherwise available (who precisely tagged a mashup and when, who precisely rated a mashup and when, and when a mashup was updated) doesn't seem terribly useful to hide.

3) We currently don't hide any data or content depending on who's logged in.  The only thing we do is hide facilities to add or edit the data (e.g. add a tag) from anonymous users in order to keep an author associated with each piece of data in the system.  This helps establish trust and prevents abuse from anonymous users.  Although there are reasons to make this model more sophisticated (e.g. only allow my friends to see my mashup), hiding recent activity queries seems like doodling at the edges of a much larger change in our system - adding "read" permissions alongside the current "write" permissions.

> Can perform activity search without sign-in to the system
> ---------------------------------------------------------
>
>                 Key: MASHUP-680
>                 URL: https://wso2.org/jira/browse/MASHUP-680
>             Project: WSO2 Mashup Server
>          Issue Type: Bug
>          Components: Admin UI
>         Environment: WinXP, JDK1.5
>            Reporter: Yumani Ranaweera
>            Assignee: Jonathan Marsh
>            Priority: Minor
>
> Currently it allows you to do an activity search without signing-in to the system. Shouldn't this be disabled until the user signed-in?

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://wso2.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the Mashup-dev mailing list