|Re: [p2-dev] P2 security management|
|As Henrik said, the repository serialization format is not API. Instead p2 provides various APIs to interact with the repositories (I*Repository) and API to create the IUs themselves (see MetadataFactory class in bundle org.eclipse.equinox.p2.metadata).|
That said, don't worry about the repository format changing. Even it was to change we would retain backward compatibility with the existing format to not cause grief to the ecosystem.
On the actual solution, thinking out loud, I'm wondering if you can map the user access rights to p2 categories (a category is just an IU with requirements on the IUs that needs to be shown as part of the category), and to identify which category to show for each right, you could have the category provide specific capabilities. This way, once the application has determined the rights for a given user, the application just has to query the categories for the determined rights and then show the categorized content. With this approach you may be able to have a content.xml that is "static" rather than being generated on every request.
Note that with the generative approach you are taking you want to be careful to the timestamp being returned on the HEAD requests that p2 does to the server to avoid unnecessary downloads. This is because p2 caches content.xml locally based on the timestamp and does HEAD request to know if it is still up-to-date.
On 2013-01-03, at 6:07 AM, Ervin O wrote: