[pmwiki-users] PmWiki Magazine proposed Submission/Approval Process

Patrick R. Michaud pmichaud at pobox.com
Mon Oct 2 14:51:18 CDT 2006

On Mon, Oct 02, 2006 at 11:12:31PM +1000, Kathryn Andersen wrote:
> On Mon, Oct 02, 2006 at 01:38:28PM +0100, Am?rico Albuquerque wrote:
> > Patrick R. Michaud wrote:
> > > On Sat, Sep 30, 2006 at 09:01:37PM -0500, Ben Wilson wrote:
> > >> Should we expect permissions to be (in decending order)
> > >> Admin, Edit, Draft, Comment, Read? 
> > > 
> > I might be mixing things a little but it seams to me that a comment is 
> > something you do outside of a page.
> What has been said before, and now needs to be said again, PM is writing
> the comment facility so that comments can *either* be in a separate page
> (which might have some naming convention like MyPage-Comments, but
> doesn't have to) OR comments can be added to the content of the page,
> and not only that, but they can be *inserted* into a page, rather than
> being limited to being appended to the end of a page.
> This is because PM is generous and wants us to have maximum flexibility.

No, Pm is just greedy.  :-)  

Actually, it goes beyond a simple "maximum flexibility" principle --
I actually have specific real-world use cases for each of these 

> > The comments normally doesn't appear 
> > on the main text but on a separated page.
> It *may*.  It doesn't have to.
> > > For example, just because someone has permission to add comments
> > > to a page doesn't automatically imply they can read it.  (Consider
> > > the case where comments are stored separately from the page being
> > > commented upon.)
> > Actually is does exactly that. How can you comment something you haven't 
> > red before?
> The point being made here is that the configuration is so flexible that
> the wiki administrator can set permissions completely arbitrarily --
> even when those permissions would seem to be illogical.

It's a bit more than that, and it's perfectly logical.  

Let's start with Américo's question of "How can you comment something
that you haven't read before?"  Furthermore, let's suppose that, as
Américo advocates, comments are being stored on a page other than the
one being commented upon.  For convenience, let's call the pages "XYZ" 
(the page containing the comment form) and "XYZ-Comments".

I envision situations where a person is allowed to read the XYZ page,
and is allowed to make comments on XYZ that are written to XYZ-Comments,
but the commenter does *not* have read permission to the XYZ-Comments 
page.  In other words, the commentbox on XYZ could invite people to 
submit "confidential" comments; i.e., the comments they submit cannot
be viewed by other people submitting comments.

In this scenario, the person submitting comments can add to the
XYZ-Comments page but cannot view it, and they can view the XYZ
page but cannot edit or add to it.

In short, the ability to add a comment somewhere needs to be
independent of ("orthogonal to") the ability to view or edit a page.
Now then, there can be defaults in place that say that someone
can comment if they have edit or read permission, but those are
just default settings.  The system needs to be able to accommodate
the situation where comment, read, and edit are totally independent
(and this is how PmWiki's authorization system works internally).

> > Again I say that comment is not the same as insert. When I'm commenting 
> > a page, my comments become read-only. 

They *cannot* be read-only, because we have to preserve the ability
for someone -- even if it's just the administrator -- to be able
to correct or retract something that has been erroneously posted.
Saying that "comments always become read-only" is a policy choice, 
which means that PmWiki should make it possible to configure the
system to support this particular policy.  It does not mean that
PmWiki should impose this particular policy on every site that wants
to use a commenting feature.

> (*) So far as I can see, from what PM has said about the new commenting
> facility which he's going to put into 2.2, in order to have this
> "comments can never be deleted or edited" setup, you would do the
> following:
> - put a commentbox in the page which appends comments to
>   {*$FullName}-Comments (the comments page for this page)
> - set the permissions on the -Comments page so that it can only be
>   appended to, and not edited by anybody.
> Thus the original author of MyPage can still edit MyPage, but nobody can
> edit MyPage-Comments.

Exactly.  Essentially one sets the edit password of MyPage-Comments
to "@lock", and the insert password to "@nopass".  This makes all
comments read-only (except to the administrator), but allows anyone
to add more comments.


More information about the pmwiki-users mailing list