[pmwiki-users] Concern about insert vs edit

Patrick R. Michaud pmichaud at pobox.com
Sun Oct 1 22:23:11 CDT 2006

On Sun, Oct 01, 2006 at 10:53:35PM -0400, Neil Herber wrote:
> At 2006-10-01  02:59 PM -0500, Patrick R. Michaud is rumored to have said:
> >Essentially, PmWiki's core permission levels will be read, edit,
> >insert (comment), upload, attr, and admin.
> >  - anyone with admin permission can do anything
> >  - if a page doesn't have an edit password, it uses the read password
> >  - if a page doesn't have an insert password, it uses the edit password
> >  - if a page doesn't have an attr password, it uses the edit password
> >
> >It might look to many that this has "insert" and "edit" backwards --
> >i.e., that "edit should be a higher level than insert".  But I think
> >this is contrary to what authors will expect.  If as a page author
> >I put an edit password on a page, I don't expect people to be able
> >to later sneak content into the page by using ?action=insert or
> >?action=comment.
> If I read the above correctly, it is exactly the opposite to what I 
> would want to have on all of my wikis.
> Rather than try to re-use the edit/insert language (which is new to 
> me - been away), I would like (need!) to have:
> 1) Anyone able to read a page, unless it requires a read password.
> 2) Anyone able to comment on a page (as with commentboxplus), unless 
> it requires a "comment" password.
> 3) Anyone able to edit a page, unless it requires an edit password.

No problem.  Adding the following to config.php will change things
so that any page without an insert password uses the read password.

    $AuthCascade['insert'] = 'read';

Thus, if there's a comment password, it's required for commenting;
if there's not a comment password, then anyone can comment on the
page as long as they have read permission.

> I (and my authors) see commenting as a lesser privilege than full 
> editing. 

Sure, I can fully understand that.  But commenting is slated to 
be an optional "add-on" feature for PmWiki.  Suppose a site runs
for a while with commenting disabled, and some authors have
edit-protected pages.  I suspect that some authors and admins
will be very surprised if enabling the comments feature suddenly
means those previously "write-protected" pages can suddenly be 
written to.

If the way I'm heading is going to be too confusing, it's not too
late to change things, but just as people expect the "read" password
to protect a page from being read (by any action), I suspect we
want the "edit" password to default to protecting a page from
being written (by any action).

> With full editing, the edits are invisible unless you look 
> at the history, while with commenting, the edits are immediately 
> visible. 

I'm not sure I understand this last statement -- do you mean
that comments are "visible" because of the box decoration around
the additions?


More information about the pmwiki-users mailing list