Florian, I agree that user home pages are "special," and that we
should do something about it. But I'd be reluctant to use access
control templates. Instead, it would be better to extend the security
policy grammar so that the defaults are sensible. For example, for
groups, one of the default policies is this:

permission org.apache.wiki.auth.permissions.GroupPermission
"*:<groupmember>", "edit";

...which means "any members of the group can edit it." It's easy to
imagine how this might extend to pages, e.g., creating a <self> or
<fullname> token that would be evaluated. I think this is probably
better than templating.

Your comment also made me think about page "types," in the sense that
we might want to consider adding support for this -- probably as an
Enum. Home pages might be one type; comments (which will be sub-pages
at some point) might be another. But I haven't thought too hard about
this just yet.

Andrew


On Tue, Feb 2, 2010 at 4:19 PM, Florian Holeczek <[email protected]> wrote:
> Hi devs,
>
> I want to start a discussion on a special aspect of the organization of
> our new backend.
> I think it might be useful to separate user profile pages from "normal"
> pages. The following advantages came to my mind:
> * no name collisions
> * possibility of explicitly marking a page as a user profile (and thus
> possibility for a visitor to recognize a page as a user profile)
> * possibility of having an access control template for this kind of
> page (e.g. only its "owner" may edit it).
>
> WDYT?
>
> Best regards
>  Florian
>
