Forum OpenACS Development: Re: stable urls for all objects

Collapse
Posted by Dirk Gomez on
Tom, we are talking about adding *one* file. If you don't find it useful then don't use it. (However it is quite likely that other packages will be picking up if it gets accepted - which it should.)

This functionality is not about showing random objects, but it'll provide for *extremely cheap* creation of links to OpenACS-internal objects. The current approach is *very expensive*.

About your security concerns: the permissioning will still be done by the target page, nothing is shown out of context. The *tricky* thing is that the redirect must not take place if the user doesn't have appropriate permissions on the target page, because the URL may already contain sensitive information. So the redirecting page should contain the same permissioning code like the "view" page.