This is an invite to brainstorm ideas about form posting and how it may be controlled. The new evolving form powers make it necessary to find new solutions to control the use of forms.
Here are some thoughts of mine, probably covering old ground, but hopefully leading to your own creative response.

1. To be able to edit a page means being allowed to manipulate the text content of a page and post it. This is controlled with the 'edit' attribute (or group edit attribute, or site edit password setting). This system works well.

2. By introducing general form markup and processing we add the capability to edit not just the current page, but other pages, and edit these pages in either limited ways, or more general ways, as the form controls allow. The normal page edit via EditForm is then just a special case of this.

3. There is no problem if we limit this form processing by checking the edit permission for any target page. This is the logical solution, as posting anything to a page is in fact equivalent to editing the page, even though it may be in a limited manner.

4. But we would like to allow posting in a limited manner sometimes, for instance for users to insert comments in pages for which they have no edit or perhaps even no read access.

5. This cannot be controlled inside the form, but has to be controlled by the target page. So the target page needs to carry an attribute saying "I am allowed to be posted to, in a limited manner, even though I may not be allowed to be edited". We called it previously a 'comment' attribute, to go alongside 'read', 'edit', etc.

6. Such a system may be workable (even though a big change to introduce), but it still leaves the problem of defining what is a limited manner of posting, since an author can build a form with controls which will allow him to post not just in a limited manner, but for instance to edit the whole page text.

7. But perhaps this is okay, as the author/form designer has edit permission to do so, and should avoid constructing forms which may provide too much editing power to users for posting to target pages, to which they are allowed to post, controlled by the 'comment' attribute.

In other words: We can leave it up to the form author to decide which is an appropriate 'limited manner' for a 'comment' auth level of page edits.

Hans
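
An added example, not part of the original message and not PmWiki code: a standalone Python model of the target-page check described in points 3 to 7. The `Page` class, the operation names, the sample users and the `trust_form_author` switch are assumptions made for illustration, and "limited manner" is assumed here to mean append-only.

```python
from dataclasses import dataclass

# Operations a form post can request on the target page (constructed names).
LIMITED_OPS = {"append"}                 # assumption: "limited manner" = append-only
ALL_OPS = LIMITED_OPS | {"replace_text"}


@dataclass(frozen=True)
class Page:
    name: str
    text: str
    auth: dict  # auth level -> set of users; 'comment' is the proposed attribute


def can_post(page, user, op, trust_form_author=False):
    """Decide on the TARGET page whether this form post is allowed."""
    if op not in ALL_OPS:
        return False
    if user in page.auth.get("edit", set()):
        return True                      # point 3: edit permission covers any post
    if user in page.auth.get("comment", set()):
        # trust_form_author=True models point 7: whatever the form offers is
        # accepted. False models a target that itself enforces "limited".
        return trust_form_author or op in LIMITED_OPS
    return False                         # neither edit nor comment on the target


def post(page, user, op, value, trust_form_author=False):
    """Apply a form post and return the new page; raise if not authorized."""
    if not can_post(page, user, op, trust_form_author):
        raise PermissionError(f"{user} may not {op} on {page.name}")
    new_text = page.text + "\n" + value if op == "append" else value
    return Page(page.name, new_text, page.auth)


# Constructed sample: 'guest' holds comment, but neither read nor edit.
TARGET = Page("Main.Guestbook", "Welcome.",
              {"read": {"admin"}, "edit": {"admin"}, "comment": {"admin", "guest"}})
```

With `trust_form_author=True` the comment-only user can replace the whole page text through a sufficiently powerful form, which is the case raised in point 6; with the default, the same post is refused at the target.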
