[pmwiki-users] self-registering for notification emails

Pico pmwiki at ben-amotz.com
Sun Jun 4 15:45:38 CDT 2006


Tegan Dowling wrote:
> Please confirm I'm understanding this correctly:
> 
> I want to give users the ability to administer their own watchlists as
> far as that's possible.  I know that PM has further embellishments to
> the present set-up in the plan, but for now, I believe
> 
> 1) I can write-protect Site.NotifyList, restricting it to admins or
> giving it its own password,
> 2) on Site.NotifyList, I can put, for each user (for example):
>    notify=user at example.com trail=Profiles.User-watchlist squelch=86400
> OR
>    notify=user at example.com trail=User.WatchList squelch=86400
> 3) then each user can create a trail on his/her own watchlist page.
> 
> BUT
> 
> 4) The trail functionality is limited to manually, individually keyed
> links - meaning:
>  4a) no pagelist-generated list will work to populate the trail, and
>  4b) There's no point in placing a Group.RecentChanges on the trail, either.
> 
> SO
> 
> 5) If a user wants to watch a whole wikigroup, for instance, or other
> dynamically-defined selection, that will need to be put on the
> Site.NotifyList page by someone with edit-rights to it.
> 
> Correct?  Or am I missing something (which wouldn't surprise me one bit)?
> 
> Thanks!
> 
You could always control the Site.NotifyList by assigning a password 
that is shared among trusted users.  On PmWiki.org, the password is 
shared more generally among anyone who reads the list.

Don't like that?

Ok, how about using include directives to password protected author 
pages?  Assuming that the include directive actually works in 
SiteNotifyList to cause included notify instructions to be passed along 
and processed, you  might be able to implement the following:


Example 1: Broad control farmed out to trusted individual users

Site.NotifyList

    (:include Profile.User1-Notify:)
    (:include Profile.User2-Notify:)
    etc

Profile.User1-Notify:

     notify=user1 at example.com group=XYY squelch=86400


Note: That user could put any malicious notify arguments in their page 
to send email to other addresses, but they couldn't control the 
Site.NotifyList page directly, and the administrator could remove their 
include line

Example 2: Apparently narrow control farmed out to trusted individual users

Site.NotifyList

     notify=user1 at example.com (:include Profile.User1-Notify:)
     notify=user2 at example.com (:include Profile.User2-Notify:)

Profile.User1-Notify:

     group=XYY squelch=86400

Note: Appears to be more limited than Example 1, because the e-mail 
address is already supplied (but, in fact, an author could simply add 
new lines listing other email addresses)

Example 3: Narrower control farmed out to trusted individual users

Site.NotifyList

      notify=(:include Profile.User1-Notify#email#group:)\
      group=(:include Profile.User1-Notify#group#trail:)\
      trail=(:include Profile.User1-Notify#trail#squelch:)\
      squelch=(:include Profile.User1-Notify#trail#end:)

Profile.User1-Notify:

    [[#email]]\
    user at domain.com\
    [[#group]]\
    PmWiki\
    [[#trail]]\
    Profile/User\
    [[#squelch]]\
    300\
    [[#end]]


Note: Requires much more testing and setup than examples 1 and 2, but if 
implemented correctly, this could provided narrower control over parameters.


Conclusions:

All of the above assume that included pages will be password protected 
and that notify will only be extended to users in a trusted community, 
or to trusted users in a mixed community.

With that main control, and a relatively trusted community of authors, 
example 1 may be a suitable tradeoff (or, more specifically, transfer of 
control).  Example 2 is not much better, or harder, and might be more a 
choice of what signal do you want to send.  Example 3 seems like too 
much trouble in light of the underlying risk.

Pico




More information about the pmwiki-users mailing list