Yes, any logged-in user can comment on any mashup. My half-formed idea is that we might want to offer more granularity and control to mashup authors in an enterprise. Including:
1) Disallow all comments on a particular mashup. 2) Allow comments only from friends, super-friends, or some other category. 3) Allow comments from anybody, except those designated as "blocked". I think "blocked" would have to apply to all a user's mashups (I don't want to have to block an abusive person on each and every mashup I own) though that is probably a UI issue. Still puzzling what "super-friends" might mean. In Flickr there are "friends" and "family", which I don't think translates well into this space. Maybe for mashups you might want to appoint a "co-owner". Or maybe we need the ability for users to categorize their friends (workmates, friends, experts, etc.) and then apply various permissions to these groups, to enable the user manager to scale to each of these scenarios. Jonathan Marsh - http://www.wso2.com - http://auburnmarshes.spaces.live.com > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of Dimuthu Leelarathne > Sent: Sunday, September 28, 2008 4:33 AM > To: [email protected] > Subject: Re: [Mashup-dev] User Permission Case Study > > Hi, > > If we define a permission as Super Friends can comment on a Mashup, > then > non-super-friends cannot. What is the difference between > non-super-friends and blocked people? > > Or it like this? By default all people can comment on Mashup, except > blocked people? So for commenting Mashup server will check > isDenied(mashupX, userY) ? > > Should user manager offer both scenarios and Mashuppers will pick one > of > them at the development time? > > Thank you, > Dimuthu > > Jonathan Marsh wrote: > > Jonathan Marsh - http://www.wso2.com - > http://auburnmarshes.spaces.live.com > > > > > > > >> -----Original Message----- > >> From: [EMAIL PROTECTED] [mailto:mashup-dev- > [EMAIL PROTECTED] > >> On Behalf Of Dimuthu Leelarathne > >> Sent: Friday, September 26, 2008 5:07 AM > >> To: [email protected] > >> Subject: [Mashup-dev] User Permission Case Study > >> > >> Hi all, > >> > >> I have picked Mashup Server to be one of my case studies to study > >> permissions on WSO2 products. > >> > >> I talked to Keith as my first resource person. Here is the list I > >> came up with. > >> > >> Please help me to improve it. > >> > >> > >> Permissions > >> 1-Tag > >> 2-Comment > >> 3-Rate > >> 4-Edit Mashups > >> 5-Upload Mashups > >> 6-Create a user group using other Mashup Users > >> 7-Assign "Friends" role to user group > >> 8-Assign "Super Friends" role to user group > >> 9-Assign 1,2,3,4 and 5 above permissions to user group > >> 10-Add/Edit/Delete users > >> 11-Admin role become a normal user > >> 12-Normal user become an admin role > >> > > > > Maybe better stated as > > 11-User with Admin privileges can act as a Normal user (e.g. suspend > their > > Admin privileges.) > > 12-User with Admin privileges can restore their Admin privileges. > > > > Maybe this concept of "suspending/restoring" a role's privileges > should be > > generalized - are there scenarios where I am Joe's "Super Friend" but > only > > want to act as a normal user? > > > > We also have an anonymous user who only has permissions to view. > It's > > possible we could limit that permission in the future too (e.g. limit > source > > code access only to registered users.) > > > > We haven't thoroughly thought through "Friends" or "Super Friends" > roles, > > but we also might want a "Blocked" role, to prevent somebody who has > posted > > abusive comments from continuing to do so. > > > > > > > > > >> Roles > >> Super Admin - all 12 permision on all resources > >> Mashup Users - all first 9 permission on their resources > >> > > > > A mashup owner also has the permission on the mashups they own to > delete > > tags and comments made by other users. In general the permission to > tag and > > comment are not identical to the permissions to delete tags and > comments. > > If you authored a tag or comment you can delete it. If you own the > resource > > being tagged or commented, you can delete other people's comments. > If > > you're an admin you can delete tags or comments anywhere. > > > > > >> Friends Role - user defined set of permissions out of 1,2,3,4 and 5 > >> Super Friends Role - user defined set of permissions out of 1,2,3,4 > and > >> 5 > >> > >> Further more, > >> Admin username/password should not be hard coded. > >> > > > > We collect this information on first run, which is a good practice. > > > > > >> Thank you, > >> Dimuthu > >> > >> _______________________________________________ > >> Mashup-dev mailing list > >> [email protected] > >> http://mailman.wso2.org/cgi-bin/mailman/listinfo/mashup-dev > >> > > > > > > _______________________________________________ > > Mashup-dev mailing list > > [email protected] > > http://mailman.wso2.org/cgi-bin/mailman/listinfo/mashup-dev > > > > > > > _______________________________________________ > Mashup-dev mailing list > [email protected] > http://mailman.wso2.org/cgi-bin/mailman/listinfo/mashup-dev _______________________________________________ Mashup-dev mailing list [email protected] http://mailman.wso2.org/cgi-bin/mailman/listinfo/mashup-dev
