[pmwiki-users] PmWiki Magazine proposed Submission/Approval Process

[Crisses]

On Oct 2, 2006, at 8:38 AM, Américo Albuquerque wrote:

> Patrick R. Michaud wrote:
>> On Sat, Sep 30, 2006 at 09:01:37PM -0500, Ben Wilson wrote:

>> Just to avoid potential future confusion...
>>
>> I don't think of permission levels as having an intrinsic "order"
>> to them as implied here, nor does PmWiki implement them that way.
>> For example, just because someone has permission to add comments
>> to a page doesn't automatically imply they can read it.  (Consider
>> the case where comments are stored separately from the page being
>> commented upon.)
> Actually is does exactly that. How can you comment something you  
> haven't
> red before?

The concern isn't whether people are legitimately commenting, but if  
people are hacking or spamming the wiki.

It seems that if the commenting feature is enabled, someone can post  
comments to any wiki page, unless the page is protected against  
having comments.

This could turn out to be a hazard for PmWiki installations, since  
we're already being hacked.

>> Also, "draft" doesn't sound to me like a separate permission level,
>> if we need something like this, then it likely will be handled
>> in terms of edit permissions on the "-Draft" pages.  But I'm
>> still mulling this over (and PmWikiPhilosophy #3 applies here).
>>
> I think we're mixing draft pages with draft articles. Draft pages are
> pages I'm editing but are not ready to be saved yet. Draft articles  
> are
> already saved pages but that are not considered to be finished  
> products.
> A draft article can be changed after being saved, an article, when
> saved, is supposed to stay read only. If you want to change  
> anything you
> write another article stating that it will surpass the previous one.

If I were writing a draft page, I would still want it saved someplace  
on the wiki so I could come back to it later.  That's why I would  
rather have a page group on the wiki for drafts: Group-Drafts/ 
PageName.  I could read-protect the area if I wanted to.

>> Essentially, PmWiki's core permission levels will be read, edit,
>> insert (comment), upload, attr, and admin.
>>   - anyone with admin permission can do anything
>>   - if a page doesn't have an edit password, it uses the read  
>> password
>>   - if a page doesn't have an insert password, it uses the edit  
>> password
>>   - if a page doesn't have an attr password, it uses the edit  
>> password
>>
> Again I say that comment is not the same as insert. When I'm  
> commenting
> a page, my comments become read-only. Insert means the person with  
> edit
> permissions can change what was inserted. This means that an author  
> can
> later change a comment that he/she doesn't like

The way it's being done, the page comments can be edited when the  
page text is edited.
Authors changing someone's comments would be bad etiquette, but what  
if the comment is spam? Shouldn't the author be able to clean it out?

Also, if a comment is rendered obsoleted (such as a "to do item" --  
the author could comment his/her own work saying "I still need to add  
XYZ to the page.") it can be removed.

>> It might look to many that this has "insert" and "edit" backwards --
>> i.e., that "edit should be a higher level than insert".  But I think
>> this is contrary to what authors will expect.  If as a page author
>> I put an edit password on a page, I don't expect people to be able
>> to later sneak content into the page by using ?action=insert or
>> ?action=comment.
>>
> Does it means that a person adding a comment expects to see his/her
> comments changed or deleted by those who edit the page? This can be  
> true
> when "inserting" in a page but can not be true when "commenting" a  
> page

If you are concerned with this, you could keep comment pages separate  
from the articles -- a Group-Comments/PageName where the group has  
admin-only edit, but world or id=* insert privileges.  Anyone can  
comment, only the admin can remove the spammy comments.

Crisses