Camp Smalltalk results
ducasse at iam.unibe.ch
Sun Jul 25 15:40:01 MEST 2004
>> For the security issues we have an extension of Lukas original model
>> (or UI based on the original model of lukas). You can find the master
>> report of David Vogel on http://kilana.unibe.ch:9090/smallwiki/.
>> Now the problem that we have is that the code is breaking certain
>> of SmallWiki
>> and david is not replying to emails (since I guess that he is getting
>> So we know that a UI and a better security model is needed (the idea
>> the new version is
>> that a local admin should not be able to grant more rights than he
>> owns, and that a local admin cannot damage other local admins). But
>> right now we are stuck. We will see how/if this is worth to rescue the
>> code of David Vogel or just to reimplement the idea.
> We used the "advanced security" system, which I think was David
> Vogel's. We
> did not find any bugs we couldn't fix. If you send a list of things
> that do
> not work (especially test cases that fail) then I would be willing to
> at them.
Excellent news. I guess that the problems we have are related to the
we have old instances of users around in old wikis and this conflicts
when we use the new
> One thing we found annoying was that the default wiki with advanced
> gives no permissions at all to the anonymous user. I think we changed
> initialization so that anonymous users can read and write pages and
> new pages.
Yes indeed this was strange.
> In general, all of the UIUC wiki will be open for reading and writing
> by any
> user. However, I have a class where I would like to provide private
> for each student. We made an action that will take a "students"
> folder with
> a large number of subfolders and will automatically make users and
> roles for
> each subfolder and set permisisons so that students can read and write
> own folders, but nobody else can read or write them. In this class,
> students write short essays several times a week and take turns grading
> them. I wanted to do this all on the wiki. The grader must be able
> to read
> the essays, but nobody else can read them until they are all turned
> in. I
> make a "VirtualFolder" structure that I can put in the folder of the
> If the student is supposed to grade essay 3, I will initialize the
> folder with the string "essay 3" and then the folder will act like it
> contains every page named "essay 3" in any of the student folders.
> When the
> grader is finished grading the essays, he can make his virtual folder
> readable by the world, and then everybody can read the essays. The
> representing the essays will have two URLs, their original one and the
> through the virtual folder. They will have different permssions
> on which URL you use.
> We got all this to work and I was pleased.
This is nice. I would not have known how to make this works.
I think that SmallWiki will start to pay off as soon as you have non
basic needs and in the
long run we are winning.
> The advanced security system is complex, and security depends on roles
> assigned correctly. It would be useful to have some sort of an
> package that would make it easy to see who is allowed to do what to the
> various parts of the wiki. For example, it could draw a diagram of
> the wiki
> and color different parts with the roles that work on them. Until
> then, my
> solution will be to keep things very simple. Except for this one
> I'll just have the administrator and the anonymous role.
Yes I agree having a overall picture is currently missing. I think that
with the new version
of SmallWiki building more advanced tools will be easier because writing
web widgets is not easy right now.
More information about the SmallWiki