Newsgroups: php.internals,php.webmaster
Path: news.php.net
Xref: news.php.net php.internals:53881 php.webmaster:11571
Return-Path: <philip@roshambo.org>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 13849 invoked from network); 11 Jul 2011 17:05:44 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 11 Jul 2011 17:05:44 -0000
Authentication-Results: pb1.pair.com smtp.mail=philip@roshambo.org; spf=permerror; sender-id=unknown
Authentication-Results: pb1.pair.com header.from=philip@roshambo.org; sender-id=unknown
Received-SPF: error (pb1.pair.com: domain roshambo.org from 209.85.214.170 cause and error)
X-PHP-List-Original-Sender: philip@roshambo.org
X-Host-Fingerprint: 209.85.214.170 mail-iw0-f170.google.com  
Received: from [209.85.214.170] ([209.85.214.170:44930] helo=mail-iw0-f170.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 30/22-30857-56D2B1E4 for <internals@lists.php.net>; Mon, 11 Jul 2011 13:05:42 -0400
Received: by iwn36 with SMTP id 36so4265268iwn.29
        for <multiple recipients>; Mon, 11 Jul 2011 10:05:38 -0700 (PDT)
Received: by 10.231.81.18 with SMTP id v18mr4625314ibk.42.1310403938521;
        Mon, 11 Jul 2011 10:05:38 -0700 (PDT)
Received: from [192.168.1.11] (c-174-61-179-13.hsd1.wa.comcast.net [174.61.179.13])
        by mx.google.com with ESMTPS id m18sm3833867ibc.11.2011.07.11.10.05.36
        (version=TLSv1/SSLv3 cipher=OTHER);
        Mon, 11 Jul 2011 10:05:37 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset=iso-8859-1
In-Reply-To: <CAH-PCH5Fu_3HGVDnrA1+t0TrTkquR801SvGK6f+mKwL+6vgeSA@mail.gmail.com>
Date: Mon, 11 Jul 2011 10:05:35 -0700
Cc: Hannes Magnusson <hannes.magnusson@gmail.com>,
 Pierre Joye <pierre.php@gmail.com>,
 Stas Malyshev <smalyshev@sugarcrm.com>,
 php-webmaster <php-webmaster@lists.php.net>,
 PHP Internals <internals@lists.php.net>
Content-Transfer-Encoding: quoted-printable
Message-ID: <52B477DE-081D-4ACD-9A14-29514EFFC85D@roshambo.org>
References: <CAH-PCH40muSZ-9DAXVcRMC0gjQH2b1=CRmcBeL315jFZAwOs2g@mail.gmail.com> <4E1AB83A.6060801@sugarcrm.com> <CADNQb0Vg6vPg0k0YJ_23_VGfzSiQ70D2_ghJ-ke-SHnazaSa4w@mail.gmail.com> <CAEZPtU44LjWusp-+KWhaN50bmVLaAHXmttxOfFy=kyQAyp1Z0Q@mail.gmail.com> <CAEZPtU5AZ=14unupawXnwiB0gPYxoLwOFzj-LVHKF4qF+QaZfw@mail.gmail.com> <CADNQb0USw0y1jgnWWPkw8H+v73FQ_5HE815qAjBMA-gQ26J2GQ@mail.gmail.com> <CADNQb0W6zQTAnf_mwpbo-vLK5bUEzY5UwP_JxYZJvPDO62aAmQ@mail.gmail.com> <CAH-PCH4d+qJ35gvSFYGVaoTMSN0jLyAh1+tyLcNZKvBKdMujRg@mail.gmail.com> <CAH-PCH5pHJNpYJYZro0yM5xU+LiF=0yVVz1e2muyzgWVfoVAqg@mail.gmail.com> <CADNQb0UmSPQPNrVCUe=inb5nGP4kBogZJV49iuP16dox0Fgg0w@mail.gmail.com> <CAH-PCH5Fu_3HGVDnrA1+t0TrTkquR801SvGK6f+mKwL+6vgeSA@mail.gmail.com>
To: Ferenc Kovacs <tyra3l@gmail.com>
X-Mailer: Apple Mail (2.1084)
Subject: Re: [PHP-DEV] sudden spike in wiki registrations
From: philip@roshambo.org (Philip Olson)


On Jul 11, 2011, at 8:11 AM, Ferenc Kovacs wrote:

> On Mon, Jul 11, 2011 at 1:00 PM, Hannes Magnusson
> <hannes.magnusson@gmail.com> wrote:
>> On Mon, Jul 11, 2011 at 12:48, Ferenc Kovacs <tyra3l@gmail.com> =
wrote:
>>> On Mon, Jul 11, 2011 at 12:18 PM, Ferenc Kovacs <tyra3l@gmail.com> =
wrote:
>>>> On Mon, Jul 11, 2011 at 12:07 PM, Hannes Magnusson
>>>> <hannes.magnusson@gmail.com> wrote:
>>>>> On Mon, Jul 11, 2011 at 12:03, Hannes Magnusson
>>>>> <hannes.magnusson@gmail.com> wrote:
>>>>>> It is very hard to detect which "php group" a person belongs to, =
our
>>>>>> karma system doesn't work like that.
>>>>>>=20
>>>>>> We can easily detect if an account is an php.net SVN account =
though.
>>>>>> And the wiki can tell you if a person has write access to that =
specific page.
>>>>>>=20
>>>>>> Most external users have assigned "write" groups, "qa", "rfc", =
"web".
>>>>>> These are the people who have requested access to these areas.
>>>>>>=20
>>>>>> I was under the impression the vote plugin respected the write
>>>>>> permission acl to that page, so a user would need to have write =
karma
>>>>>> to that namespace to be able to vote.
>>>>>> Does it have no builtin functionality like that?
>>>>>=20
>>>>> Answering my own question; No, it doesn't.
>>>>> http://www.dokuwiki.org/plugin:doodle2#authentication
>>>>>=20
>>>>> -Hannes
>>>>>=20
>>>>=20
>>>> I checked the source, if the permissions are set correctly, then =
the
>>>> required code change is minimal:
>>>> in the php-wiki/dokuwiki/lib/plugins/doodle/syntax.php file we have =
to
>>>> modify the render and castVote methods to check
>>>> $this->isAllowedToEditEntry($fullname) and thats it.
>>>>=20
>>>>=20
>>>> --
>>>> Ferenc Kov=E1cs
>>>> @Tyr43l - http://tyrael.hu
>>>>=20
>>>=20
>>> of course the explicit group checking would be better, because
>>> currently we have votes under rfc namespace where some users have
>>> write access as they proposed/wanted to propose some rfc but they
>>> shouldn't .
>>=20
>>=20
>> I think we should be able to differentiate the voters manually this =
time.
>> But implementing those voting RFC rules before next time would be =
ideal.
>>=20
>> -Hannes
>>=20
>=20
> after some discussion on irc, we agreed that for a quick fix for the
> wiki we should only allow voting for the following groups:
> - phpcvs : this is a fake group, every @php.net user is part of it.
> - voting: this group isn't exists yet AFAIK, we should add everybody
> to this who are allowed to vote, bu don't have svn account.
>=20
> my patch is on gist: https://gist.github.com/1076035
> if you think its fine, it could be commited, I don't have karma for =
the wiki.
>=20
> ps: I also allowed the wiki admins to access the voting features just =
in case.

Greetings,

I didn't test it, but made the commit. What can go wrong? :) Also, I'm =
not sure=20
how often the wiki pulls from SVN.=20

And people have expressed different interpretations of the voting RFC =
regarding=20
"who can vote" so I suspect this overall topic will persist.... However, =
the above=20
changes have been made that hopefully fixes this bug.

Regards,
Philip