Newsgroups: php.internals,php.webmaster Path: news.php.net Xref: news.php.net php.internals:53884 php.webmaster:11576 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 24580 invoked from network); 11 Jul 2011 18:24:27 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 11 Jul 2011 18:24:27 -0000 Authentication-Results: pb1.pair.com smtp.mail=hannes.magnusson@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=hannes.magnusson@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.218.42 as permitted sender) X-PHP-List-Original-Sender: hannes.magnusson@gmail.com X-Host-Fingerprint: 209.85.218.42 mail-yi0-f42.google.com Received: from [209.85.218.42] ([209.85.218.42:57596] helo=mail-yi0-f42.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 1E/73-30857-ADF3B1E4 for ; Mon, 11 Jul 2011 14:24:26 -0400 Received: by yih10 with SMTP id 10so1841328yih.29 for ; Mon, 11 Jul 2011 11:24:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=wlUeeXUNO/xEI5IB8vxauaB70lveWWh6gEoLrEDTHb8=; b=JqHjUdwvjuNdV4Mr5sYTQPFWG8ROhtL+JyMDXaY1+bbZwuJKM42k8UPJzy3vTUEspz D++Nf/hSx5JqccKsi3Mz4mz2qTI3plpb3yh0xfj40mpzifLYFc/3xjN4b9XEbvE7hkS8 mnSXuXo6TbFMk0Kh2hX+idGgqsW4APf3nj/F0= MIME-Version: 1.0 Received: by 10.147.86.18 with SMTP id o18mr4134363yal.17.1310408663797; Mon, 11 Jul 2011 11:24:23 -0700 (PDT) Received: by 10.147.35.14 with HTTP; Mon, 11 Jul 2011 11:24:23 -0700 (PDT) In-Reply-To: <52B477DE-081D-4ACD-9A14-29514EFFC85D@roshambo.org> References: <4E1AB83A.6060801@sugarcrm.com>

<52B477DE-081D-4ACD-9A14-29514EFFC85D@roshambo.org> Date: Mon, 11 Jul 2011 20:24:23 +0200 Message-ID: To: Philip Olson Cc: Ferenc Kovacs , Pierre Joye , Stas Malyshev , php-webmaster , PHP Internals Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Subject: Re: [PHP-DEV] sudden spike in wiki registrations From: hannes.magnusson@gmail.com (Hannes Magnusson) On Mon, Jul 11, 2011 at 19:05, Philip Olson wrote: > > On Jul 11, 2011, at 8:11 AM, Ferenc Kovacs wrote: > >> On Mon, Jul 11, 2011 at 1:00 PM, Hannes Magnusson >> wrote: >>> On Mon, Jul 11, 2011 at 12:48, Ferenc Kovacs wrote: >>>> On Mon, Jul 11, 2011 at 12:18 PM, Ferenc Kovacs wro= te: >>>>> On Mon, Jul 11, 2011 at 12:07 PM, Hannes Magnusson >>>>> wrote: >>>>>> On Mon, Jul 11, 2011 at 12:03, Hannes Magnusson >>>>>> wrote: >>>>>>> It is very hard to detect which "php group" a person belongs to, ou= r >>>>>>> karma system doesn't work like that. >>>>>>> >>>>>>> We can easily detect if an account is an php.net SVN account though= . >>>>>>> And the wiki can tell you if a person has write access to that spec= ific page. >>>>>>> >>>>>>> Most external users have assigned "write" groups, "qa", "rfc", "web= ". >>>>>>> These are the people who have requested access to these areas. >>>>>>> >>>>>>> I was under the impression the vote plugin respected the write >>>>>>> permission acl to that page, so a user would need to have write kar= ma >>>>>>> to that namespace to be able to vote. >>>>>>> Does it have no builtin functionality like that? >>>>>> >>>>>> Answering my own question; No, it doesn't. >>>>>> http://www.dokuwiki.org/plugin:doodle2#authentication >>>>>> >>>>>> -Hannes >>>>>> >>>>> >>>>> I checked the source, if the permissions are set correctly, then the >>>>> required code change is minimal: >>>>> in the php-wiki/dokuwiki/lib/plugins/doodle/syntax.php file we have t= o >>>>> modify the render and castVote methods to check >>>>> $this->isAllowedToEditEntry($fullname) and thats it. >>>>> >>>>> >>>>> -- >>>>> Ferenc Kov=C3=A1cs >>>>> @Tyr43l - http://tyrael.hu >>>>> >>>> >>>> of course the explicit group checking would be better, because >>>> currently we have votes under rfc namespace where some users have >>>> write access as they proposed/wanted to propose some rfc but they >>>> shouldn't . >>> >>> >>> I think we should be able to differentiate the voters manually this tim= e. >>> But implementing those voting RFC rules before next time would be ideal= . >>> >>> -Hannes >>> >> >> after some discussion on irc, we agreed that for a quick fix for the >> wiki we should only allow voting for the following groups: >> - phpcvs : this is a fake group, every @php.net user is part of it. >> - voting: this group isn't exists yet AFAIK, we should add everybody >> to this who are allowed to vote, bu don't have svn account. >> >> my patch is on gist: https://gist.github.com/1076035 >> if you think its fine, it could be commited, I don't have karma for the = wiki. >> >> ps: I also allowed the wiki admins to access the voting features just in= case. > > Greetings, > > I didn't test it, but made the commit. What can go wrong? :) Also, I'm no= t sure > how often the wiki pulls from SVN. > > And people have expressed different interpretations of the voting RFC reg= arding > "who can vote" so I suspect this overall topic will persist.... However, = the above > changes have been made that hopefully fixes this bug. It has updated by now atleast. The current vote still needs to be reviewed manually anyway, so I really don't understand the need for a quick hack at this time. Cooperating with the plugin authors on how to implement better checks there would imo make much more sense. -Hannes