[ewiki] Re: request (ii): everybody edit new page | inheritance | hiding pages

• From: Mario Salzer <mario@xxxxxxxxxxxxx>
• To: ewiki@xxxxxxxxxxxxx
• Date: Thu, 04 Mar 2004 15:37:03 +0100

>
> ## request (ii): everybody edit new page
> > [...]
> > That "perm_rights_actions" ought to be that exception... (needs some
> > investigation)
>
> Has one of you looked into the code where to fix that?

You could eventually fix that by adding the general exception rule into
the auth_perm_unix() function. Right after "...refetch page $dat" you
would write:

   if (!$data["version"]) { 
      return("_ALWAYS_ALLOW_EVERYTHING_FOR_NONEXISTENT_PAGE=1");
   }

But be sure to write in all-uppercase, or it may not work!  ;)


> ## "inheritance" (not: inheritance)
>
> As Mario commented, there is no inheritance in ewiki, not even for subpages, 
> which I find okay. But for user-friendlieness, would the following feature be 
> possible in the current architecture*? : Take the user, groups and 
> "rwxrwxr-x" from the previous page and use them as __fictional__ settings for 
> the virgin-page, with which the user can do whatever.

This was possible, and not even a big thing to do. (It boiled down to
adding an "?id=...&from_page=..." parameter for QuestionMarkLinks.)

However, I think this opened a security hole, because people then could
take access rights from the sandbox (which usually would be wide open)
to any other page. So users then could randomly create pages, if even
other restrictions should apply for page creation (inheritance is not
always good, therefore the additional ACL features for filessystems).

The "from_page=..." would also make for nice meta data in respect to
building a comprehensive hypertext site. But on the other hand it
looks like some kind of user tracking, and there was yet no valueable
application for it.


>
> ## hiding pages
>
> Hiding links to un-authed pages I find a very interesting idea. In case you 
> have code along that line, I'd be interested. At least applying it to my 
> (Name.Subname.)Menu-pages, would be very convenient so that one Menu would 
> suffice, showing each resp. user only what he's allowed to access.

Hidden links make people only more curious. Especially if there were
WikiWords in a text, which weren't rendered as links, people would start
to look for it by manually entering the URL or so.

The code usually used for pre-checking access rights is however:

   if (!ewiki_auth("PageName", $uu, "view", false, 0)) {
      ... //no access

you could use this to determine if a link in your menu should be hidden
from a user.

But then it may be easier to add some sort of access flags to your
user profiles for accomplishing those tasks (it's about hiding a few
site sections?)  This could be faster or easier to do.

• References:
  • [ewiki] request (ii): everybody edit new page | inheritance | hiding pages
    • From: massenmensch

Other related posts:

• » [ewiki] request (ii): everybody edit new page | inheritance | hiding pages
• » [ewiki] Re: request (ii): everybody edit new page | inheritance |hiding pages
• » [ewiki] Re: request (ii): everybody edit new page | inheritance | hiding pages

• » Related posts
• » Previous by Date
• » Next by Date
• » This Month's Archive
• » Main Archive Page

• » View list details
• » Manage your subscription