Tom, I'm right with you when you're saying that you shouldn't display objects the user hasn't any right to see. So we definately need to have (expensive) permission-queries when displaying object-lists.
I just had a look at FtsContentProvider.Url and it looks good although there are a few (minor?) drawbacks:
- every implementation has to get the site-node-url (in my proposal i thought that this could be done by the redirecting-page so that the service-contract implementation just needs to return the local url in a package to display an object)
- maybe it would be nice to be able to use the redirecting page for objects not to be stored in site-wide search (because they don't contain searchable data) like apm_packages, users, forums_forum and the like) so maybe we should decouple the object_id -> url translation from search
