[sugar] filtering result of an object chooser

Tomeu Vizoso tomeu at tomeuvizoso.net
Mon Mar 3 05:01:52 EST 2008


On Sat, Mar 1, 2008 at 9:32 PM, Bert Freudenberg <bert at freudenbergs.de> wrote:
>  On Mar 1, 2008, at 20:36 , Michael Stone wrote:
>  >> I think Bitfrost says that activities that wish to access other
>  >> objects from the journal will need to ask for permission to read an
>  >> specific object type.  Michael, can you comment on this?
>  >
>  > See tickets #2328 and #3801 [1,2] for my existing comments.
>  >
>  > [1] http://dev.laptop.org/ticket/2328
>  > [2] http://dev.laptop.org/ticket/3801
>
>  The only comment relating to the ObjectChooser I could see was
>
>         http://dev.laptop.org/ticket/2328#comment:15
>
>  But I can see what your concern is even in the read-only case - the
>  chooser returns an object_id and then the activity uses the normal
>  Datastore API to access it. This is a potentially risky two-step
>  process. How about instead returning a secure token from the
>  ObjectChooser that can only be used to read that specific entry? This
>  would guarantee the user actually designated this exact object to be
>  opened.

I'm not sure I understand the problem here, but have added some
comments to the ticket that may be related:

http://dev.laptop.org/ticket/2328#comment:20

Tomeu


More information about the Sugar mailing list