Forum OpenACS Development: Re: Liferay integration

Collapse
4: Re: Liferay integration (response to 3)
Posted by Malte Sussdorff on
Would it, as a first step, be okay to check if the user has read permission on the package? I am pretty sure that all includes are called after a permission check on the package and if they need to limit this further, the include itself uses the user_id (this is the fact in forums, projects and file-storage as far as I looked).

But I see your point for sure and there seems no easy solution for it. I would probably add a parameter in the .info file of the package to declare if it is safe to included all includes in /lib. But this should be a discussion on a larger scope on how to include and exchange content from and to OpenACS in the first place.