From 75a333539929f12b465071f9203f58f2eacd5f3f Mon Sep 17 00:00:00 2001 From: "http://smcv.pseudorandom.co.uk/" Date: Tue, 18 Nov 2008 05:12:44 -0500 Subject: rename plugins/contrib/postcomment.mdwn to plugins/contrib/comments.mdwn --- doc/plugins/contrib/comments.mdwn | 103 +++++++++++++++++++++++++++++++++++ doc/plugins/contrib/postcomment.mdwn | 103 ----------------------------------- 2 files changed, 103 insertions(+), 103 deletions(-) create mode 100644 doc/plugins/contrib/comments.mdwn delete mode 100644 doc/plugins/contrib/postcomment.mdwn diff --git a/doc/plugins/contrib/comments.mdwn b/doc/plugins/contrib/comments.mdwn new file mode 100644 index 000000000..2e501995f --- /dev/null +++ b/doc/plugins/contrib/comments.mdwn @@ -0,0 +1,103 @@ +[[!template id=plugin name=postcomment author="[[Simon_McVittie|smcv]]"]] +[[!tag type/useful]] + +This plugin adds "blog-style" comments. The intention is that on a non-wiki site +(like a blog) you can lock all pages for admin-only access, then allow otherwise +unprivileged (or perhaps even anonymous) users to comment on posts. + +Comments are saved as internal pages, so they can never be edited through the CGI, +only by direct committers. Currently, comments are always in [[ikiwiki/markdown]]. + +> So, why do it this way, instead of using regular wiki pages in a +> namespace, such as `$page/comments/*`? Then you could use [[plugins/lockedit]] to +> limit editing of comments in more powerful ways. --[[Joey]] + +>> Er... I suppose so. I'd assumed that these pages ought to only exist as inlines +>> rather than as individual pages (same reasoning as aggregated posts), though. +>> +>> lockedit is actually somewhat insufficient, since `check_canedit()` +>> doesn't distinguish between creation and editing; I'd have to continue to use +>> some sort of odd hack to allow creation but not editing. +>> +>> I also can't think of any circumstance where you'd want a user other than +>> admins (~= git committers) and possibly the commenter (who we can't check for +>> at the moment anyway, I don't think?) to be able to edit comments - I think +>> user expectations for something that looks like ordinary blog comments are +>> likely to include "others can't put words into my mouth". --[[smcv]] + +Directives and raw HTML are filtered out by default, and comment authorship should +hopefully be unforgeable by CGI users. + +> I'm not sure that raw html should be a problem, as long as the +> htmlsanitizer and htmlbalanced plugins are enabled. I can see filtering +> out directives, as a special case. --[[Joey]] + +>> Right, if I sanitize each post individually, with htmlscrubber and either htmltidy +>> or htmlbalance turned on, then there should be no way the user can forge a comment; +>> I was initially wary of allowing meta directives, but I think those are OK, as long +>> as the comment template puts the \[[!meta author]] at the *end*. Disallowing +>> directives is more a way to avoid commenters causing expensive processing than +>> anything else, at this point. --[[smcv]] + +When comments have been enabled generally, you still need to mark which pages +can have comments, by including the `\[[!postcomment]]` directive in them. By default, +this directive expands to a "post a comment" link plus an `\[[!inline]]` with +the comments. + +> I don't like this, because it's hard to explain to someone why they have +> to insert this into every post to their blog. Seems that the model used +> for discussion pages could work -- if comments are enabled, automatically +> add the comment posting form and comments to the end of each page. +> --[[Joey]] + +>> I don't think I'd want comments on *every* page (particularly, not the +>> front page). Perhaps a pagespec in the setup file, where the default is "*"? +>> Then control freaks like me could use "link(tags/comments)" and tag pages +>> as allowing comments. +>> +>> The model used for discussion pages does require patching the existing +>> page template, which I was trying to avoid - I'm not convinced that having +>> every possible feature hard-coded there really scales (and obviously it's +>> rather annoying while this plugin is on a branch). --[[smcv]] + +The plugin adds a new [[ikiwiki/PageSpec]] match type, `postcomment`, for use +with `anonok_pagespec` from the [[plugins/anonok]] plugin or `locked_pages` from +the [[plugins/lockedit]] plugin. Typical usage would be something like: + + locked_pages => "!postcomment(*)" + +to allow non-admin users to comment on pages, but not edit anything. You can also do + + anonok_pages => "postcomment(*)" + +to allow anonymous comments (the IP address will be used as the "author"). + +Optional parameters to the postcomment directive: + +* `commit=no`: by default, comments are committed to version control. Use this to + disable commits. +* `allowhtml=yes`: by default, raw HTML is filtered out. Use this to allow HTML + (you should enable [[plugins/htmlscrubber]] and either [[plugins/htmltidy]] or + [[plugins/contrib/htmlbalance]] if you do this). +* `allowdirectives=yes`: by default, IkiWiki directives are filtered out. Use this + to allow directives (avoid enabling any [[plugins/type/slow]] directives if you + do this). +* `closed=yes`: use this to prevent new comments while still displaying existing ones. +* `atom`, `rss`, `feeds`, `feedshow`, `timeformat`, `feedonly`: the same as for [[plugins/inline]] + +This plugin aims to close the [[todo]] item "[[todo/supporting_comments_via_disussion_pages]]", +and is currently available from [[smcv]]'s git repository on git.pseudorandom.co.uk. + +Known issues: + +* Needs code review +* The access control via postcomment() is rather strange +* There is some common code cargo-culted from other plugins (notably inline and editpage) which + should probably be shared +* If the postcomment directive is removed from a page, comments can still be made on that page, + and will be committed but not displayed; to disable comments properly you have to set the + closed="yes" directive parameter (and refresh the wiki), *then* remove the directive if + desired + +> I haven't done a detailed code review, but I will say I'm pleased you +> avoided re-implementing inline! --[[Joey]] diff --git a/doc/plugins/contrib/postcomment.mdwn b/doc/plugins/contrib/postcomment.mdwn deleted file mode 100644 index 2e501995f..000000000 --- a/doc/plugins/contrib/postcomment.mdwn +++ /dev/null @@ -1,103 +0,0 @@ -[[!template id=plugin name=postcomment author="[[Simon_McVittie|smcv]]"]] -[[!tag type/useful]] - -This plugin adds "blog-style" comments. The intention is that on a non-wiki site -(like a blog) you can lock all pages for admin-only access, then allow otherwise -unprivileged (or perhaps even anonymous) users to comment on posts. - -Comments are saved as internal pages, so they can never be edited through the CGI, -only by direct committers. Currently, comments are always in [[ikiwiki/markdown]]. - -> So, why do it this way, instead of using regular wiki pages in a -> namespace, such as `$page/comments/*`? Then you could use [[plugins/lockedit]] to -> limit editing of comments in more powerful ways. --[[Joey]] - ->> Er... I suppose so. I'd assumed that these pages ought to only exist as inlines ->> rather than as individual pages (same reasoning as aggregated posts), though. ->> ->> lockedit is actually somewhat insufficient, since `check_canedit()` ->> doesn't distinguish between creation and editing; I'd have to continue to use ->> some sort of odd hack to allow creation but not editing. ->> ->> I also can't think of any circumstance where you'd want a user other than ->> admins (~= git committers) and possibly the commenter (who we can't check for ->> at the moment anyway, I don't think?) to be able to edit comments - I think ->> user expectations for something that looks like ordinary blog comments are ->> likely to include "others can't put words into my mouth". --[[smcv]] - -Directives and raw HTML are filtered out by default, and comment authorship should -hopefully be unforgeable by CGI users. - -> I'm not sure that raw html should be a problem, as long as the -> htmlsanitizer and htmlbalanced plugins are enabled. I can see filtering -> out directives, as a special case. --[[Joey]] - ->> Right, if I sanitize each post individually, with htmlscrubber and either htmltidy ->> or htmlbalance turned on, then there should be no way the user can forge a comment; ->> I was initially wary of allowing meta directives, but I think those are OK, as long ->> as the comment template puts the \[[!meta author]] at the *end*. Disallowing ->> directives is more a way to avoid commenters causing expensive processing than ->> anything else, at this point. --[[smcv]] - -When comments have been enabled generally, you still need to mark which pages -can have comments, by including the `\[[!postcomment]]` directive in them. By default, -this directive expands to a "post a comment" link plus an `\[[!inline]]` with -the comments. - -> I don't like this, because it's hard to explain to someone why they have -> to insert this into every post to their blog. Seems that the model used -> for discussion pages could work -- if comments are enabled, automatically -> add the comment posting form and comments to the end of each page. -> --[[Joey]] - ->> I don't think I'd want comments on *every* page (particularly, not the ->> front page). Perhaps a pagespec in the setup file, where the default is "*"? ->> Then control freaks like me could use "link(tags/comments)" and tag pages ->> as allowing comments. ->> ->> The model used for discussion pages does require patching the existing ->> page template, which I was trying to avoid - I'm not convinced that having ->> every possible feature hard-coded there really scales (and obviously it's ->> rather annoying while this plugin is on a branch). --[[smcv]] - -The plugin adds a new [[ikiwiki/PageSpec]] match type, `postcomment`, for use -with `anonok_pagespec` from the [[plugins/anonok]] plugin or `locked_pages` from -the [[plugins/lockedit]] plugin. Typical usage would be something like: - - locked_pages => "!postcomment(*)" - -to allow non-admin users to comment on pages, but not edit anything. You can also do - - anonok_pages => "postcomment(*)" - -to allow anonymous comments (the IP address will be used as the "author"). - -Optional parameters to the postcomment directive: - -* `commit=no`: by default, comments are committed to version control. Use this to - disable commits. -* `allowhtml=yes`: by default, raw HTML is filtered out. Use this to allow HTML - (you should enable [[plugins/htmlscrubber]] and either [[plugins/htmltidy]] or - [[plugins/contrib/htmlbalance]] if you do this). -* `allowdirectives=yes`: by default, IkiWiki directives are filtered out. Use this - to allow directives (avoid enabling any [[plugins/type/slow]] directives if you - do this). -* `closed=yes`: use this to prevent new comments while still displaying existing ones. -* `atom`, `rss`, `feeds`, `feedshow`, `timeformat`, `feedonly`: the same as for [[plugins/inline]] - -This plugin aims to close the [[todo]] item "[[todo/supporting_comments_via_disussion_pages]]", -and is currently available from [[smcv]]'s git repository on git.pseudorandom.co.uk. - -Known issues: - -* Needs code review -* The access control via postcomment() is rather strange -* There is some common code cargo-culted from other plugins (notably inline and editpage) which - should probably be shared -* If the postcomment directive is removed from a page, comments can still be made on that page, - and will be committed but not displayed; to disable comments properly you have to set the - closed="yes" directive parameter (and refresh the wiki), *then* remove the directive if - desired - -> I haven't done a detailed code review, but I will say I'm pleased you -> avoided re-implementing inline! --[[Joey]] -- cgit v1.2.3