Hi Alex,
On 5 Sep 2015 at 00:32:54, Alex Henrie (alexhenri...@gmail.com(mailto:alexhenri...@gmail.com)) wrote: > 2015-09-04 15:59 GMT-06:00 vinc...@massol.net : > > On 4 Sep 2015 at 19:56:31, Alex Henrie > >> If I understand you correctly, manual monitoring and moderation is the > >> only way to prevent a user from, for example, adding a bunch of > >> objects to a page that is supposed to be wikitext-only. > > > > Indeed that’s the general premise of a wiki and that’s how it differs from > > other tools: collaborating and creating content is hard, which is why wikis > > make it easy for users to do so without having to ask for permissions. > > Notifications, history and rollback features are the way to provide > > oversight. In the huge majority of cases, no action is required and > > serendipity happens :) > > > > In XWiki, wiki pages can contain either unstructured data or structured data > > (xobjects). There’s no fundamental difference between both types of data and > > users should be free to add and modify any type of data (provided they have > > edit rights on the page). > > > > You mention “a page that is supposed to be wikitext-only”. Who says that? :) > > Who says that a page which starts with wiki text cannot be improved by > > having some part of it structured? I’ve done this countless of times to > > provide more features. > > > > I personally would find it a pity to arbitrarily restrict permissions to > > only some users. That’s not the principle of wikis at heart. I’d say: always > > try to be the most open, and if it causes problems then close down a bit if > > there’s no other way. > > > > In addition, some companies are used to the traditional way of working and > > would prefer to close down things a bit. Because XWiki is a flexible > > platform and because it’s an Enterprise Wiki, it has a strong permission > > model. Recently (in XWiki 7.2M1 and 7.2M2), we’ve added a new permission > > called the Scripting Permission and it’s possible to give it only to some > > users. See > > http://www.xwiki.org/xwiki/bin/view/ReleaseNotes/ReleaseNotesXWiki72M1#HScriptright > > and > > http://www.xwiki.org/xwiki/bin/view/ReleaseNotes/ReleaseNotesXWiki72M2#HScriptRight > > > > I hope the rationale is more clear! (not sure if I explained it right :)). > > It was confusing to me because I am actually using PhenoTips > , which is based on XWiki, but in the default > configuration I can't see why anyone would want or need to input > unstructured data into this application. It seems strange that the > user can add ?editor=wiki, ?editor=object, or ?editor=class to the URL > and leave the default PhenoTips editor behind. Making scripts > unexecutable is a step in the right direction even if it does not lock > down the application in the same way that a traditional web app would. > > In other words, PhenoTips is built on XWiki, but its highly structured > data model does not seem to fit the wiki paradigm. Maybe in the future > the PhenoTips developers will patch XWiki to allow greater lockdown, > but it's not a dealbreaker for me. ok, I understand what you mean now: you’d like the ability to lock down existing applications, i.e. prevent users of them from making structural changes to them. That’s a valid use case and we support it :) Basically there are 2 use cases: * Letting users make changes to applications because this allows multiple users to develop collaboratively apps using XWiki. The idea is that of refactoring and an app is never ever finished and can always be improved. * However you may only want some experienced users or devs to do that and not anyone. What happens is that the app has 2 types of wiki pages (aka documents): * Technical pages that make the app * Data pages which are created by the user when he/she uses the app So what we do is that when we develop apps we usually create 2 spaces, one for the technical pages and one for the data pages. In this manner we can set permissions very easily on the space containing the technical pages so that only some authorized group or users have edit rights on them. Maybe in your case all that is required is to ask the phenotips developers to not allow all users to have edit rights by default on the technical pages of this app (and restrict them to admins by default for example)? Thanks -Vincent > Thanks again, > > -Alex _______________________________________________ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
