On Wed, May 02, 2007 at 12:19:11PM +1000, Kathryn Andersen wrote: > (Following up on pmwiki-devel) > On Tue, May 01, 2007 at 08:21:04PM -0500, Patrick R. Michaud wrote: > > All of this is just a way of saying that I think we need > > a different overall solution to the problem here -- i.e., > > being able to bypass edit to write to *any* page is too > > blunt an instrument for what we're trying to achieve. > > Whatever happened to the "append" level of security that you were > considering as a solution to adding blogging/commenting capability to > PmWiki?
Well, that's what I've spent months struggling with on this issue. :-) I think I've come to the conclusion that adding another authorization level doesn't really resolve the problem in a satisfactory manner. First, it adds complexity, as anyone using the forms processing engine would then have to understand how the additional authorization level works. But beyond that, not everyone who edits a page also has the ability to change passwords or authorization levels on the page. So, that's why I started casting about for other approaches to the problem. My current attempt involves looking for specific enabling strings on pages that allow append/update, or allowing the authority to be delegated based on patterns in the target page's name [1]. Thanks, Pm [1] http://www.pmichaud.com/pipermail/pmwiki-users/2007-April/042082.html _______________________________________________ pmwiki-devel mailing list [email protected] http://www.pmichaud.com/mailman/listinfo/pmwiki-devel
