[pmwiki-users] PmWiki Magazine proposed Submission/Approval Process
Crisses
crisses at kinhost.org
Mon Oct 2 07:58:04 CDT 2006
On Oct 2, 2006, at 8:38 AM, Américo Albuquerque wrote:
> Patrick R. Michaud wrote:
>> On Sat, Sep 30, 2006 at 09:01:37PM -0500, Ben Wilson wrote:
>> Just to avoid potential future confusion...
>>
>> I don't think of permission levels as having an intrinsic "order"
>> to them as implied here, nor does PmWiki implement them that way.
>> For example, just because someone has permission to add comments
>> to a page doesn't automatically imply they can read it. (Consider
>> the case where comments are stored separately from the page being
>> commented upon.)
> Actually is does exactly that. How can you comment something you
> haven't
> red before?
The concern isn't whether people are legitimately commenting, but if
people are hacking or spamming the wiki.
It seems that if the commenting feature is enabled, someone can post
comments to any wiki page, unless the page is protected against
having comments.
This could turn out to be a hazard for PmWiki installations, since
we're already being hacked.
>> Also, "draft" doesn't sound to me like a separate permission level,
>> if we need something like this, then it likely will be handled
>> in terms of edit permissions on the "-Draft" pages. But I'm
>> still mulling this over (and PmWikiPhilosophy #3 applies here).
>>
> I think we're mixing draft pages with draft articles. Draft pages are
> pages I'm editing but are not ready to be saved yet. Draft articles
> are
> already saved pages but that are not considered to be finished
> products.
> A draft article can be changed after being saved, an article, when
> saved, is supposed to stay read only. If you want to change
> anything you
> write another article stating that it will surpass the previous one.
If I were writing a draft page, I would still want it saved someplace
on the wiki so I could come back to it later. That's why I would
rather have a page group on the wiki for drafts: Group-Drafts/
PageName. I could read-protect the area if I wanted to.
>> Essentially, PmWiki's core permission levels will be read, edit,
>> insert (comment), upload, attr, and admin.
>> - anyone with admin permission can do anything
>> - if a page doesn't have an edit password, it uses the read
>> password
>> - if a page doesn't have an insert password, it uses the edit
>> password
>> - if a page doesn't have an attr password, it uses the edit
>> password
>>
> Again I say that comment is not the same as insert. When I'm
> commenting
> a page, my comments become read-only. Insert means the person with
> edit
> permissions can change what was inserted. This means that an author
> can
> later change a comment that he/she doesn't like
The way it's being done, the page comments can be edited when the
page text is edited.
Authors changing someone's comments would be bad etiquette, but what
if the comment is spam? Shouldn't the author be able to clean it out?
Also, if a comment is rendered obsoleted (such as a "to do item" --
the author could comment his/her own work saying "I still need to add
XYZ to the page.") it can be removed.
>> It might look to many that this has "insert" and "edit" backwards --
>> i.e., that "edit should be a higher level than insert". But I think
>> this is contrary to what authors will expect. If as a page author
>> I put an edit password on a page, I don't expect people to be able
>> to later sneak content into the page by using ?action=insert or
>> ?action=comment.
>>
> Does it means that a person adding a comment expects to see his/her
> comments changed or deleted by those who edit the page? This can be
> true
> when "inserting" in a page but can not be true when "commenting" a
> page
If you are concerned with this, you could keep comment pages separate
from the articles -- a Group-Comments/PageName where the group has
admin-only edit, but world or id=* insert privileges. Anyone can
comment, only the admin can remove the spammy comments.
Crisses
More information about the pmwiki-users
mailing list