2015-09-04 15:59 GMT-06:00 vinc...@massol.net <vinc...@massol.net>: > On 4 Sep 2015 at 19:56:31, Alex Henrie >> If I understand you correctly, manual monitoring and moderation is the >> only way to prevent a user from, for example, adding a bunch of >> objects to a page that is supposed to be wikitext-only. > > Indeed that’s the general premise of a wiki and that’s how it differs from > other tools: collaborating and creating content is hard, which is why wikis > make it easy for users to do so without having to ask for permissions. > Notifications, history and rollback features are the way to provide > oversight. In the huge majority of cases, no action is required and > serendipity happens :) > > In XWiki, wiki pages can contain either unstructured data or structured data > (xobjects). There’s no fundamental difference between both types of data and > users should be free to add and modify any type of data (provided they have > edit rights on the page). > > You mention “a page that is supposed to be wikitext-only”. Who says that? :) > Who says that a page which starts with wiki text cannot be improved by > having some part of it structured? I’ve done this countless of times to > provide more features. > > I personally would find it a pity to arbitrarily restrict permissions to > only some users. That’s not the principle of wikis at heart. I’d say: always > try to be the most open, and if it causes problems then close down a bit if > there’s no other way. > > In addition, some companies are used to the traditional way of working and > would prefer to close down things a bit. Because XWiki is a flexible > platform and because it’s an Enterprise Wiki, it has a strong permission > model. Recently (in XWiki 7.2M1 and 7.2M2), we’ve added a new permission > called the Scripting Permission and it’s possible to give it only to some > users. See > http://www.xwiki.org/xwiki/bin/view/ReleaseNotes/ReleaseNotesXWiki72M1#HScriptright > and > http://www.xwiki.org/xwiki/bin/view/ReleaseNotes/ReleaseNotesXWiki72M2#HScriptRight > > I hope the rationale is more clear! (not sure if I explained it right :)).
It was confusing to me because I am actually using PhenoTips <https://phenotips.org/>, which is based on XWiki, but in the default configuration I can't see why anyone would want or need to input unstructured data into this application. It seems strange that the user can add ?editor=wiki, ?editor=object, or ?editor=class to the URL and leave the default PhenoTips editor behind. Making scripts unexecutable is a step in the right direction even if it does not lock down the application in the same way that a traditional web app would. In other words, PhenoTips is built on XWiki, but its highly structured data model does not seem to fit the wiki paradigm. Maybe in the future the PhenoTips developers will patch XWiki to allow greater lockdown, but it's not a dealbreaker for me. Thanks again, -Alex _______________________________________________ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
