Ross Gardler wrote: > Upayavira wrote: > >> Stefano Mazzocchi wrote: >> >>> Upayavira wrote: > > > ... > >>>>> An "edit this page" link would make is *sooo* much better to tie the >>>>> whole system together and shouldn't be that hard. >>>> >>>> >>>> >>>> >>>> With one of those 'don't crawl me' request parameters, I assume? And a >>>> robots.txt on Daisy. We don't want our daisy content crawled by search >>>> engines, do we? >>> >>> >>> >>> why not? showing a login page to a search engine is not going to make >>> that big of a difference >> >> >> >> Well, at the moment, all content in Daisy is visible to the world. I >> don't like this. Were it protected in some way, I would agree with you. > > > It can be protected in pretty much any way you want, anyone with admin > rights on Daisy can do it. > > Anyone who arrives at the wiki initially has the role of "guest". People > can self register, this makes them "user". After this rights have to be > defined and assigned by an admin. > > In addition we can limit access to only live documents, i.e. published > and to particular collections. It's also possible on a per page basis > but administration of this is cumbersome, the ACL interface is not > really geared up for this. > > So the question is, with respect to read access to the "live" documents > and to the "in development" docs (write access is already defined): > > 1) should we keep access open to all users (including guests) > 2) should we allow access to users (self registration possible) > 3) should we only allow access to people approved by the community > > My view is that we restrict read access to published docs to "users" and > encourage people to comment on the docs rather than edit them. > > The we have the existing doc-editors and doc-committers role for editing > and publishing.
Thank you for this clarification, Ross. I would say definitely #2. Basically, we want to encourage people to participate, so allowing them to self-register assists in that. Otherwise, how do we find our next doc-editors. However, we need some kind of protection against the hoardes of people just searching the net for information. They should go directly to our public site and be kept away from Daisy. A simple "login _here_. Click _here_ to create an account" should, IMO, be sufficient. Once they've logged in, then we need to clarify what they see. I would say that once someone has logged in, they can see unpublished docs. After all, more-or-less anonymous people can see the innards of our SVN repo, so why not do the same with docs? The act of logging in is in my mind sufficient recognition of the fact that this is not public and published. Regards, Upayavira
