On Mon, Jul 11, 2011 at 19:05, Philip Olson <phi...@roshambo.org> wrote: > > On Jul 11, 2011, at 8:11 AM, Ferenc Kovacs wrote: > >> On Mon, Jul 11, 2011 at 1:00 PM, Hannes Magnusson >> <hannes.magnus...@gmail.com> wrote: >>> On Mon, Jul 11, 2011 at 12:48, Ferenc Kovacs <tyr...@gmail.com> wrote: >>>> On Mon, Jul 11, 2011 at 12:18 PM, Ferenc Kovacs <tyr...@gmail.com> wrote: >>>>> On Mon, Jul 11, 2011 at 12:07 PM, Hannes Magnusson >>>>> <hannes.magnus...@gmail.com> wrote: >>>>>> On Mon, Jul 11, 2011 at 12:03, Hannes Magnusson >>>>>> <hannes.magnus...@gmail.com> wrote: >>>>>>> It is very hard to detect which "php group" a person belongs to, our >>>>>>> karma system doesn't work like that. >>>>>>> >>>>>>> We can easily detect if an account is an php.net SVN account though. >>>>>>> And the wiki can tell you if a person has write access to that specific >>>>>>> page. >>>>>>> >>>>>>> Most external users have assigned "write" groups, "qa", "rfc", "web". >>>>>>> These are the people who have requested access to these areas. >>>>>>> >>>>>>> I was under the impression the vote plugin respected the write >>>>>>> permission acl to that page, so a user would need to have write karma >>>>>>> to that namespace to be able to vote. >>>>>>> Does it have no builtin functionality like that? >>>>>> >>>>>> Answering my own question; No, it doesn't. >>>>>> http://www.dokuwiki.org/plugin:doodle2#authentication >>>>>> >>>>>> -Hannes >>>>>> >>>>> >>>>> I checked the source, if the permissions are set correctly, then the >>>>> required code change is minimal: >>>>> in the php-wiki/dokuwiki/lib/plugins/doodle/syntax.php file we have to >>>>> modify the render and castVote methods to check >>>>> $this->isAllowedToEditEntry($fullname) and thats it. >>>>> >>>>> >>>>> -- >>>>> Ferenc Kovács >>>>> @Tyr43l - http://tyrael.hu >>>>> >>>> >>>> of course the explicit group checking would be better, because >>>> currently we have votes under rfc namespace where some users have >>>> write access as they proposed/wanted to propose some rfc but they >>>> shouldn't . >>> >>> >>> I think we should be able to differentiate the voters manually this time. >>> But implementing those voting RFC rules before next time would be ideal. >>> >>> -Hannes >>> >> >> after some discussion on irc, we agreed that for a quick fix for the >> wiki we should only allow voting for the following groups: >> - phpcvs : this is a fake group, every @php.net user is part of it. >> - voting: this group isn't exists yet AFAIK, we should add everybody >> to this who are allowed to vote, bu don't have svn account. >> >> my patch is on gist: https://gist.github.com/1076035 >> if you think its fine, it could be commited, I don't have karma for the wiki. >> >> ps: I also allowed the wiki admins to access the voting features just in >> case. > > Greetings, > > I didn't test it, but made the commit. What can go wrong? :) Also, I'm not > sure > how often the wiki pulls from SVN. > > And people have expressed different interpretations of the voting RFC > regarding > "who can vote" so I suspect this overall topic will persist.... However, the > above > changes have been made that hopefully fixes this bug.
It has updated by now atleast. The current vote still needs to be reviewed manually anyway, so I really don't understand the need for a quick hack at this time. Cooperating with the plugin authors on how to implement better checks there would imo make much more sense. -Hannes -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
