[dokuwiki] Re: Prevent overwrite of mediafiles (was: Planned features for DokuWiki)

  • From: Matthias Grimm <matthiasgrimm@xxxxxxxxxxxxxxxxxxxxx>
  • To: dokuwiki@xxxxxxxxxxxxx
  • Date: Sat, 4 Jun 2005 15:35:59 +0200

On Sat, 04 Jun 2005 12:41:07 +0200
Andreas Gohr <andi@xxxxxxxxxxxxxx> wrote:
 
> Well no I think there is no difference between overwriting and deletion. 
> Both should be only allowed for adminlike people. Deleting a file is no more 
> devastating then overwriting a file with garbage. So I see no sense in 
> splicing the permission system more.

Maybe my application is special to this. I once told you that I use
DokuWiki in an closed (more or less trusted) environment without
connection to the internet. I don't need to think of preventing sabotage
but I have to spent a lot of thougthts to prevent accidents because
users will usually first click, then think. :-)

The Wiki is also used to store various data files (not only images) to
describe a certain topic and users must be allowed once and again to
update these files. So I can't limit the overwrite feature to admins
only. But due to the "click first, think later" thing I had problems to
allow them to delete media files without reference check.

> > 1. to split the DELETE permission up into two: 

This was for completeness only. I neither think this solution would
last long nor thought seriously of realizing it.

> > 2. automatically check existing references to the media file and deny to
> > delete it if there are still some. This could be done with the built-in
> > search function. This function could also be used to show the user where
> > these references are.
> 
> This could make more sense, but may be a large performance overhead again. 
> How about an additional button to manually check for references? So "Admins" 
> could check before they delete.

The performance overhead could be limited if we only check for
references, when the user wants to delete a file. This is similar to the
extra check button you suggested but doesn't need an extra button. We
don't need any checks if the user doesn't want to delete anything.

> So far we went with a very simple permission system for uploads and as far 
> as I know it did work very well. We now have a little bit more control to 
> avoid dataloss, but I think we shouldn't exaggerate the whole thing. If one 
> needs a full blown permission and history system for media files maybe 
> another wiki engine would be the better choice... I'd like to keep DokuWiki 
> as simple as possible.

I fully agree to this :-) I'm interested in a simple and efficient
DokuWiki engine too. My intention is to protect my users against
possible consequences of their doings which they can't overlook.
Deleting media files and possible broke a lot of references is such a case.

I will try to implement such a reference check and then you could decide
if it is over-the-top. What do you think?

 Best Regards
   Matthias

-- 
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist

Other related posts: