Currently there is almost no UI written for users to manage themselves, and barely any UI for admins. Users should be able to see if they are logged in or out, should be able to change their password, and should be able to log out.
We should also have a user dashboard where people can see their most recent posts. If this view is exposed to other users, then it also needs to be filtered by permission, which poses an issue. See, our permission check involves multiple table joins and recursive checks which aren't suitable for an SQL query; but we need to have the permission check in SQL so that we can paginate the query. Paginating in PHP would require a potentially unbounded number of queries, or leaking information about post frequency on hidden forums. It may actually be easier to list all forums the given user has view access on (more bounded than thread count), then filter by that list.
Currently there is almost no UI written for users to manage themselves, and barely any UI for admins. Users should be able to see if they are logged in or out, should be able to change their password, and should be able to log out.
We should also have a user dashboard where people can see their most recent posts. If this view is exposed to other users, then it also needs to be filtered by permission, which poses an issue. See, our permission check involves multiple table joins and recursive checks which aren't suitable for an SQL query; but we need to have the permission check in SQL so that we can paginate the query. Paginating in PHP would require a potentially unbounded number of queries, or leaking information about post frequency on hidden forums. It may actually be easier to list all forums the given user has view access on (more bounded than thread count), then filter by that list.