Making it easy for non-expert user to login when they need to

Its common situation to restrict page editing to known users. When someone tries to create a page they aren't informed as early as they might be that they need to be logged in. This is especially important when dealing with non-expert users.

The current situation

1. You send a user to edit or create a page from another wiki page, or a web page
2. You get a bogus "Immutable Page" disabled link, and a "You are not allowed to do that" message.
3. If you happen to figure that you may need to login, you have to look for the login link
4. Then you have to fight with the confusing non standard login/create account interface, known to cause trouble even for expert users, and sometimes impossible for simple users.
5. If managed to login or create an account you get the user preferences page, but you wanted to create or edit a page!
6. To edit or create that page, you have to type the correct url again, or maybe go back to the page which sent you to create a page.

Predicting editability

Its not possible to know if a user can edit a page in all cases. For example, the wiki may have acl like:

#acl JoeDoe:  Known:read,write  All:read

If you are JoeDoe, you will not be able to do anything after you login.

However, in the common case, we can easily check if a Known user can edit by creating a known user with code like this added to user.py (untested yet):

def createKownUser():
    from MoinMoin.user import User
    known = User()
    known.valid = True
    known.name = '__known__' # ilegal name, won't clash with real user
    return known

And checking with:

knownUser = user.createKnownUser()
if knownUser.may.write(pagename):
    # ask for login

In case you are bad guy, and there is an acl rule for you, you will get what you deserve. If you are a new user, you will be happy

How to suggest a login

The best solution will be transparent. The wiki ask you to login and give you the editor.

When visiting a page which needs a login:

1. If a known user can edit, you will get a regular "Edit" link
2. Clicking on "Edit" will show a simple login screen with name and password field

3. A create profile form may be a separate form on the same screen, or accessible by a link like "Create an account". A very good example is here: https://launchpad.net/+login

4. After you click "login" or "Create an account", the editor opened

When you send a user to an edit link e.g. http://moinmoin.wikiwikiweb.de/WikiSandBox?action=edit:

1. Show the login or create account interface
2. On submit, open the editor

If a user make a mistake and need to correct the data and submit several times, he will also get the editor at the end.

Discussion

I don't know exactly if you meant that, but the problem with stuff like a "login to edit" link (instead of just an "edit" link) is that we can't predict whether login will help as we don't know as who the user will log in.

In the case of "Known:" enabling editing, it could be done, because everybody is Known after logging in, but that would be a very limited special case and no general solution, the acls could also be like only allowing editing by JoeDoe.

Probably he is asking for a renaming of the edit button like Login to edit or a message Please login for editing in the message box above. -- ReimarBauer 2005-10-18 07:56:16

Just checking if Known can edit is only a solution for a more or less common special case. Editability of a page could also be based on Trusted, Group membership or name. So this would only be a partial solution and maybe even confuse people because they sometimes get this behaviour and some other times another behaviour.

And we also can't simply go to the login page, this is also a special case solution. auth could be done by cookie, by http auth or something else, so going to our userprefs page might not work at all.

An easy and universal solution for this "first encounter" problem is simply telling the user about whether and when the wiki is editable. Either on page_front_page or by some html_footer line on any page. This works for any case and does not need any new code. We could also make that "Immutable Page" thing a link to some page explaining that.

-- ThomasWaldmann 2005-10-18 15:00:52

The situation described here is the case when only users can edit or create new pages. In this case, using a known user is just fine. If only certain users can edit or create pages, you can't send new users to edit or create a page. This is not the case we are talking here.

Showing a login screen is possible, (I did not write go to user preferences page), when using the common solution of a cookie. It should be possible in other case also with the correct action and a redirect, like it works on other systems. -- NirSoffer 2005-10-18 15:42:27

CategoryFeatureRequest