On May 1, 2007, at 6:20 PM, Mimi Yin wrote:
Questions:
+ Are there any concerns about going down this path?
It makes sense to keep the user from making changes to an item that
appears in any read-only collections for the reasons you give. It
still remains a problem that a programmer could get around this and
make edits to the item, and propagate those changes to others via the
server, so let's be clear that we're not actually plugging a security
hole. I think some solutions were tossed around a few weeks back on
the cosmo list, but nothing definitive. But I am fine with the above
proposal for disallowing any edits to an item in any read-only
collections. That will at least prevent accidental/casual
overwriting of items that shouldn't be edited.
===
(Dis)Allowing Local Edits to Read-Only Items:
We would like to punt this feature to Future for 2 reasons:
1. If we allow users to edit read-only items and the items have
been added to read-write collections, we re-open the security hole
we just patched up with the proposal above. While those edits won't
be synced up via the read-only collection, they will be synced to
the server via the
...read-write collection(s) the item appears in.
2. It's unclear there are any compelling use cases for the feature
as it exists today. We all agreed that what you really want is the
ability to privately 'annotate' shared items (read-only and
read-write). Annotate meaning, ADD your own 2c to shared items, not be
able to destructively edit the item and have it potentially get out
of sync with the version that's on the server.
So we will want to revisit this functionality in the Future with
the following in mind:
+ Expanding the notion of 'local edits' to read-write items;
+ Providing a forcing function to prevent users from accidentally
committing destructive edits to shared items;
+ Providing visual feedback to distinguish local edits from what is
shared.
This means, the Lock button should just disappear from the mark-up
bar! And the pencil with the x through it should stay as an
un-clickable icon.
Mimi
+1
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
Open Source Applications Foundation "Design" mailing list
http://lists.osafoundation.org/mailman/listinfo/design