David E. Jones wrote:
By way of general commentary on this: the functionality sounds great
as a starting point for something that could compete well with
Confluence. The functionality here is still mostly oriented at solving
technical problems though, and in the case of docs.ofbiz.org there are
certain functionality requirements we need that would still have to be
built.
I would also be concerned with this for a public wiki unless the code
that you can include in a page is extremely limited and can't do much,
and even then it would be a constant security concern. If you have an
internal group working on stuff then it's not such a big deal, but for
a public wiki even if controlled going in that direction is a bit scary.
However it's done when there is an alternative that is totally open
source, and it is one that the ASF supports or is likely to support,
then we can go for it. Until then, there's not much we can do.
For this thing on its own it looks pretty cool and it will be great to
see it available in an open source project.
We have had to address this issue for customer deployments. We check a
role on the website (assigned in the standard ofbiz way) to determine
whether you can edit a particular resource. Those roles can be
arbitrary. It would be simple to limit public editing to items that are
only of plain wiki text type. This would completely block an
unauthorized user from executing code.
One of the more public facing functions we've put the system into was
for the Sun Tech Days conference in Brasil. Using the copy-on-write
system we created a base conference template and then cloned it for 15
conferences in cities all over the country. Each site was assigned its
own staff using the party manager and website roles and each group could
edit its pages independently. You can see the results at
http://techdays.soujava.org.br. We used the same functionality to manage
the sign-ups for the Java Bloggers event at Java One. You can see that
at http://javabloggers.gobof.org.
I think that the system is probably up to the task of managing the OFBiz
wiki.
