This is a catch all issue to discuss the behaviour of this feature as it is known to be imperfect.
A considerable amount of work has been done based on the premise that an attempt to access the details of a restricted person would generate an AccessDeniedException (from CustomACLEntryAfterInvocationProvider) and this is fairly straightforward and has been left in place.
However this has now been changed to a NoSuchPersonException because, in general, the calls to personService.getPerson will handle this exception in some way.
Note that not all calls to retrieve the details of person make use of the personService and in this case the ACL won't protect those details e.g. ActivityServiceImpl.getUserFeedEntries gets the details direct from the database via feedDAO.selectUserFeedEntries and therefore those details are passed back to the UI.
In practice this is probably OK because it should only show for people who have left the site, rather than people who were never associated with the site, and the historical, same site, user information is fine not to be restricted.
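As an added illustration (not Alfresco's code, and not part of the original issue), the Python model below reproduces the two paths described above: a person lookup guarded by an after-invocation check that raises NoSuchPersonException for restricted people, and a feed query that reads person details straight from its rows and so bypasses that check. The shared-site visibility rule, the person names and the feed rows are constructed assumptions, and the last function shows one way to route feed entries back through the checked path.

```python
from dataclasses import dataclass

class NoSuchPersonException(Exception):
    """Raised instead of AccessDeniedException so callers treat it like a missing person."""

@dataclass(frozen=True)
class Person:
    user_name: str
    full_name: str
    sites: frozenset  # sites the person is currently a member of

# Constructed sample directory and activity-feed rows (not real data).
PEOPLE = {
    "alice": Person("alice", "Alice A", frozenset({"site-a"})),
    "bob": Person("bob", "Bob B", frozenset({"site-a", "site-b"})),
    "carol": Person("carol", "Carol C", frozenset({"site-b"})),  # has left site-a
}
FEED_ROWS = [
    {"site": "site-a", "post_user": "bob", "full_name": "Bob B"},
    {"site": "site-a", "post_user": "carol", "full_name": "Carol C"},
]

def get_person(caller: str, user_name: str) -> Person:
    """Checked path: the service lookup passes through a model of the
    after-invocation ACL, which hides anyone sharing no site with the caller."""
    person = PEOPLE.get(user_name)
    if person is None:
        raise NoSuchPersonException(user_name)
    if caller == user_name or PEOPLE[caller].sites & person.sites:
        return person
    raise NoSuchPersonException(user_name)  # restricted person looks like a missing one

def select_user_feed_entries(site: str) -> list:
    """Unchecked path: person details come straight from the feed rows."""
    return [dict(row) for row in FEED_ROWS if row["site"] == site]

def get_user_feed_entries_checked(caller: str, site: str) -> list:
    """One way to close the gap: keep each entry but blank the display name of
    anyone the caller is not allowed to view through the checked path."""
    entries = []
    for row in select_user_feed_entries(site):
        try:
            get_person(caller, row["post_user"])
        except NoSuchPersonException:
            row = {**row, "full_name": None}
        entries.append(row)
    return entries
```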
idwright changed the title from "Restricting viewing users who do not a site membership" to "Restricting viewing users who do not have site membership in common" on Jan 26, 2017