[pmwiki-users] brain storming form posting and control
Hans
design5 at softflow.co.uk
Sat Apr 21 03:31:05 CDT 2007
This is an invite to brainstorm ideas about form posting and how it
may be controlled. The new evolving form powers make it necessary to
find new solutions to control the use of forms.
Here are some thoughts of mine, probably covering old ground, but
hopefully leading to your own creative response.
1. To be able to edit a page means being allowed to manipulate the text
content of a page and post it. This is controlled with the 'edit'
attribute (or group edit attribute, or site edit password setting).
This system works well.
2. By introducing general form markup and processing we add the
capability to edit not just the current page, but other pages, and
edit these pages in either limited ways, or more general ways, as the
form controls allow. The normal page edit via EditForm is then just
a special case of this.
3. There is no problem if we limit this form processing by checking
the edit permission for any target page. This is the logical solution,
as posting anything to a page is in fact equivalent in editing the
page, even though it may be in a limited manner.
4. But we would like to allow posting in a limited manner sometimes,
for instance for users to insert comments in pages for which they have
no edit or perhaps even no read access.
5. This cannot be controlled inside the form, but has to be controlled
by the target page. So the target page needs to carry an attribute
saying "I am allowed to be posted to, in a limited manner, even though
I may not be allowed to be edited". We called it previously a
'comment' attribute, to go alongside 'read', 'edit', etc.
6. Such a system may be workable (even though a big change to
introduce), but it still leaves the problem of defining what is a
limited manner of posting, since an author can build a form with controls
which will allow him to post not just in a limited manner, but for
instance to edit the whole page text.
7. But perhaps this is okay, as the author/form designer has edit
permission to do so, and should avoid to construct forms which may
provide too much editing powers to users for posting to target pages,
to which they are allowed to post, controlled by the 'comment' attribute.
In other words: We can leave it up to the form author to decide which
is an appropriate 'limited manner' for a 'comment' auth level of page
edits.
Hans
More information about the pmwiki-users
mailing list