Sphene Community Tools

Community

Copyright © 2007-2018 by Herbert Poul

You are not logged in.
Login
Register

Change Language:



AddThis Social Bookmark Button

A Django site.

Powered by Sphene Community Tools
Board » General » Feature Discussions » Wiki security

Hello again,

I am just facing the snip security issues and I found that the issue #1 is about who can edit/view, the problem I am having right now and I am interested to help.

Another thing is, you said that there is a hierarchical access for snips, but I can't find a relationship between snips. How do you control it?

Just to let you know, since SocialText works with Dashboards to group snips, there were a preference link in each dashboard/project to set the security, instead of a link by snips. So, every snip will inherit its dashboard's privacy. We can think about something like it, so we just set the privacy once, and, if someone really want to change a single snip it won't be a big thing.

Another thing is, they use a flying menu called tools instead of a bunch of buttons on the top of each snip. A simple visible on/off javascript function. (I know that I can do it on my templates, but it's just a suggestion)

Cheers,

4nderson
what the heck am I doing?
Anderson Santos said @ 2007-08-14 18:32:44:
I am just facing the snip security issues and I found that the issue #1 is about who can edit/view, the problem I am having right now and I am interested to help.
i guess the problem is that you only have the difference between loggedin users, members of the group .. and administrators ? .. this should be solved together with the advanced permissions for the board..

Anderson Santos said @ 2007-08-14 18:32:44:
Another thing is, you said that there is a hierarchical access for snips, but I can't find a relationship between snips. How do you control it?

you can't control it.. you can look at the code (sphene/sphwiki/models.py - function '__get_wiki_preference' - if the current snip does not have a preference object assigned (ie. permissions are not set) it will ask it's parent for the preferences..

the parent/child relationship is simple.. it removes the last element of the snip name.. elements are separated using slashes e.g. \MyCompany/Division/Section has as parent \MyCompany/Division .. which has as parent \MyCompany .. which has as parent a snip called 'ROOT' (this is hardcoded.. - ie. at the root of all wiki snips in a given group .. is a snip with the name ROOT)

i hope this makes this kind of clear ? i think this is very straight forward.. although it is not represented in the database model. (there is no DB relationship between a parent snip and it's childs.. it's just a logical by removing everything after the last slash.)

Anderson Santos said @ 2007-08-14 18:32:44:
Another thing is, they use a flying menu called tools instead of a bunch of buttons on the top of each snip. A simple visible on/off javascript function. (I know that I can do it on my templates, but it's just a suggestion)


well... i'll think about it .. i have to admit that the number of buttons slowly grows to a point where it is not really nice to see them on every page .. and tools like jquery which could make cool effects like fading are so easy to use that there is no real argument against using them :)

i have to see how many buttons there currently are.. and which will come in the near future.. (and maybe if there should be a "common" look for these actions for wiki and board.. )
Hey, we have Signatures !!! Great, isn't it ? ;)
Anderson Santos said @ 2007-08-14 18:32:44:
I am just facing the snip security issues and I found that the issue #1 is about who can edit/view, the problem I am having right now and I am interested to help.
i guess the problem is that you only have the difference between loggedin users, members of the group .. and administrators ? .. this should be solved together with the advanced permissions for the board..
Hmmm, maybe not exactly this. My problem was that I created an example page with admin, logged out and logged in with a different user. When I tried to edit the page, I noticed that I had to go to the admin page and change the snip preferences and I will probably have to do this with all snips =X (okay, maybe not if I use the hierarchy)



you can't control it.. you can look at the code (sphene/sphwiki/models.py - function '__get_wiki_preference' - if the current snip does not have a preference object assigned (ie. permissions are not set) it will ask it's parent for the preferences..

...

i hope this makes this kind of clear ? i think this is very straight forward.. although it is not represented in the database model. (there is no DB relationship between a parent snip and it's childs.. it's just a logical by removing everything after the last slash.)




Ahh, I was looking for a "Parent Snip" field or something. I will try this.

well... i'll think about it .. i have to admit that the number of buttons slowly grows to a point where it is not really nice to see them on every page .. and tools like jquery which could make cool effects like fading are so easy to use that there is no real argument against using them :)


Good, I never used jquery but a colleague implemented some stuff with it. I have to take a better look. =)
what the heck am I doing?
Anderson Santos said @ 2007-08-14 21:31:59:
Hmmm, maybe not exactly this. My problem was that I created an example page with admin, logged out and logged in with a different user. When I tried to edit the page, I noticed that I had to go to the admin page and change the snip preferences and I will probably have to do this with all snips =X (okay, maybe not if I use the hierarchy)
simply create a snip called ROOT and set the permissions you need through the django admin interface.. these will then apply to all other snips (which don't yet have permissions set ..) - of course also new once..
Hey, we have Signatures !!! Great, isn't it ? ;)
Ok, after the root trick, it's working for now =)
what the heck am I doing?

Please login to post a reply.



Powered by Sphene Community Tools