2015-09-04 15:59 GMT-06:00 vincent(a)massol.net <vincent(a)massol.net>et>:
On 4 Sep 2015 at 19:56:31, Alex Henrie
If I understand you correctly, manual monitoring
and moderation is the
only way to prevent a user from, for example, adding a bunch of
objects to a page that is supposed to be wikitext-only.
Indeed that’s the general premise of a wiki and that’s how it differs from
other tools: collaborating and creating content is hard, which is why wikis
make it easy for users to do so without having to ask for permissions.
Notifications, history and rollback features are the way to provide
oversight. In the huge majority of cases, no action is required and
serendipity happens :)
In XWiki, wiki pages can contain either unstructured data or structured data
(xobjects). There’s no fundamental difference between both types of data and
users should be free to add and modify any type of data (provided they have
edit rights on the page).
You mention “a page that is supposed to be wikitext-only”. Who says that? :)
Who says that a page which starts with wiki text cannot be improved by
having some part of it structured? I’ve done this countless of times to
provide more features.
I personally would find it a pity to arbitrarily restrict permissions to
only some users. That’s not the principle of wikis at heart. I’d say: always
try to be the most open, and if it causes problems then close down a bit if
there’s no other way.
In addition, some companies are used to the traditional way of working and
would prefer to close down things a bit. Because XWiki is a flexible
platform and because it’s an Enterprise Wiki, it has a strong permission
model. Recently (in XWiki 7.2M1 and 7.2M2), we’ve added a new permission
called the Scripting Permission and it’s possible to give it only to some
users. See
http://www.xwiki.org/xwiki/bin/view/ReleaseNotes/ReleaseNotesXWiki72M1#HScr…
and
http://www.xwiki.org/xwiki/bin/view/ReleaseNotes/ReleaseNotesXWiki72M2#HScr…
I hope the rationale is more clear! (not sure if I explained it right :)).
It was confusing to me because I am actually using PhenoTips
<https://phenotips.org/>, which is based on XWiki, but in the default
configuration I can't see why anyone would want or need to input
unstructured data into this application. It seems strange that the
user can add ?editor=wiki, ?editor=object, or ?editor=class to the URL
and leave the default PhenoTips editor behind. Making scripts
unexecutable is a step in the right direction even if it does not lock
down the application in the same way that a traditional web app would.
In other words, PhenoTips is built on XWiki, but its highly structured
data model does not seem to fit the wiki paradigm. Maybe in the future
the PhenoTips developers will patch XWiki to allow greater lockdown,
but it's not a dealbreaker for me.
Thanks again,
-Alex