Details
- Applies to
- 1.9
- Purpose
- get rid of the extremely user-unfriendly "Immutable Page" message
- Description
- replaces the "Immutable Page" message with "You are not allowed to edit this page." or "You need to login to edit this page." as appropriate.
- Fixes
- Obsoletes
the "Show a login link instead of Immutable page" patch
Patch
1 From efa03734f416d3ae7f3dad394e837435ba886aed Mon Sep 17 00:00:00 2001
2 From: Paul Wise <pabs3@bonedaddy.net>
3 Date: Sun, 29 Dec 2013 11:43:47 +0800
4 Subject: [PATCH] Use a more user-friendly message when login-to-edit is
5 enabled
6
7 ---
8 MoinMoin/theme/__init__.py | 35 ++++++++++++++++++++++++++++++-----
9 1 file changed, 30 insertions(+), 5 deletions(-)
10
11 diff --git a/MoinMoin/theme/__init__.py b/MoinMoin/theme/__init__.py
12 index 604092b..ffe869d 100644
13 --- a/MoinMoin/theme/__init__.py
14 +++ b/MoinMoin/theme/__init__.py
15 @@ -1271,9 +1271,22 @@ actionsMenuInit('%(label)s');
16 if 'edit' in self.request.cfg.actions_excluded:
17 return ""
18
19 - if not (page.isWritable() and
20 - self.request.user.may.write(page.page_name)):
21 - return self.disabledEdit()
22 + if not page.isWritable():
23 + return self.immutablePage()
24 + if not self.request.user.may.write(page.page_name):
25 + user_valid = self.request.user.valid
26 + user_name = self.request.user.name
27 + user_may_name = self.request.user.may.name
28 + self.request.user.name = self.request.user.may.name = u'Known'
29 + self.request.user.valid = 1
30 + if self.request.user.may.write(page.page_name):
31 + result = self.loginToEdit()
32 + else:
33 + result = self.editNotAllowed()
34 + self.request.user.valid = user_valid
35 + self.request.user.name = user_name
36 + self.request.user.may.name = user_may_name
37 + return result
38
39 _ = self.request.getText
40 querystr = {'action': 'edit'}
41 @@ -1327,12 +1340,24 @@ var gui_editor_link_text = "%(text)s";
42 'text': _('Edit (GUI)'),
43 }
44
45 - def disabledEdit(self):
46 - """ Return a disabled edit link """
47 + def immutablePage(self):
48 + """ Return an immutable page message """
49 _ = self.request.getText
50 return ('<span class="disabled">%s</span>'
51 % _('Immutable Page'))
52
53 + def editNotAllowed(self):
54 + """ Return an edit not allowed message """
55 + _ = self.request.getText
56 + return ('<span class="disabled">%s</span>'
57 + % _('You are not allowed to edit this page.'))
58 +
59 + def loginToEdit(self):
60 + """ Return a login to edit message """
61 + _ = self.request.getText
62 + return ('<span class="disabled">%s</span>'
63 + % _('You need to login to edit this page.'))
64 +
65 def infoLink(self, page):
66 """ Return link to page information """
67 if 'info' in self.request.cfg.actions_excluded:
68 --
69 1.8.5.1
Discussion
"Known" is not a user name (see code above), but a pseudo group. If that code works, you are maybe just lucky that it does.
- The code works as desired, I tested it locally.
Logging a user in puts him into "Known" pseudo group. Maybe also into "Trusted" or other groups which you can't even know before the user is actually identified.
Thus, the promise of "log in to edit" might be fulfilled or not, you can't know beforehands. And this is exactly the reason why moin does not even promise that.
- moin's current behaviour provides incorrect information and is actively harmful; Debian wiki users often get confused or just decide that they will never be able to edit the wiki, give up and leave. It is better to possibly be incorrect but usually correct that to always be incorrect/confusing like moin is right now.
- You are saying it is giving incorrect information. This is not true, you are just interpreting it wrong.
- If it says editing is not allowed then this information of course refers to the permissions of the user currently known to moin (which is just none/anonymous/unknown as long as the user did not log in).
- If you did log in and it says editing is not allowed, then of course that information also refers to the user currently known to moin (and doesn't mean that other users are not allowed to edit also).
- what is "usually correct" is a rather vague assumption as ACLs can be defined arbitrarily in the configuration and as well as on the wiki page (if someone with "admin" ACL rights added a acl to the page)
- the default ACLs of moin let every visitor edit (you obviously do not use the defaults, but put more restrictive ACLs into your config and/or on your pages)
- if one configures more restrictive ACLs, one can be arbitrarily creative: allow write only for Known, allow it only for Trusted, allow it only for some special group's members, allow only some specific user(s) or even allow nobody (if the wiki is read-only)
- i very well understand what your fundamental issue is as this has been discussed multiple times before. i am just saying moin shall not give false promises.
- also, as you do not know the user as long as he/she did not log in, it is impossible to compute permissions of the logged-in user correctly. thus, your code might work in some special case (which is maybe YOUR usual case), but it is impossible to write generically correct and useful code for that.
if people somehow rely on the output of your patched moin (before login), it will tell them they are not allowed to edit for some cases where they in fact are allowed to edit after login (e.g. members of a write-permitted EditorGroup). so while the original code is somehow logically consistent, after the patch, it is not any more.
- You are saying it is giving incorrect information. This is not true, you are just interpreting it wrong.
FYI, when we (team of maintainers of some wiki farm) faced the same problem, we've just changed the message to something like "You can't edit this page. You may try to login in order to get ability to edit this page." for non-logged in users. Furthermore, iirc there's somewhere patch on this wiki which implements just this behaviour. — -- EugeneSyromyatnikov 2014-01-22 10:40:58
the more constructive part
As this sort of idea is not new and comes up every year about once, maybe let's try to seek a real solution.
Requirements
- must be a generic solution, working for any configured or on-page ACL
- must not give wrong promises to unknown users what they might be able to do after they are logged in
- just tell the truth, but try to do it as helpful as possible
- be careful with modifying translated strings:
- will cause work for all active translators
- some languages might not have an active translator, so a previously translated string might become an untranslated one
- prefer re-using existing translated strings, if possible
Status Quo (1.9.7)
edit_bar
Tells "Immutable Page" (if fs permissions or acl permissions do not allow write).
Problem: User might wrongly assume that this is a unchangeable universally-true fact (for this page or even this wiki).
on-page permission msg
Tells "You are not allowed to edit this page." (if acl permissions do not allow write)
Problem: User might not be aware that "You" refers to the anon user as long as he/she is not logged in.
Ideas
edit_bar
Please note the rather limited space in the edit bar, must be rather brief.
Better:
- just display "Edit" link and delay permission handling to later?
- as a nice side effect, this might even speed up moin a little (at least if we do not have to check write permissions for other reasons anyway)
- other ideas?
on-page permission msg
We have more space for a verbose message here.
Better:
- "%(username)s is not allowed to edit this page.".
- username == "Anon(ymous)" (before login)
username == <known username> (after login)
- other ideas?
Plan
- Priority:
- Assigned to:
- Status: