Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Permissions per Page / Directory (Allow admins to set pages as 'protected', allowing only Admins to edit those pages) #54

Open
cswimr opened this issue Nov 3, 2023 · 11 comments
Labels
enhancement New feature or request

Comments

@cswimr
Copy link

cswimr commented Nov 3, 2023

Title explains it, pretty much. This is useful for pages like the home page that you don't really want random people editing, but you want the rest of the wiki to be editable by other people.

@redimp redimp added the enhancement New feature or request label Nov 4, 2023
@redimp
Copy link
Owner

redimp commented Nov 4, 2023

Thx for opening this feature request. I've thought about makeing pages configureable via YAML frontmatter. For this feature it might look like this:

---
protected: true
---

# Home

...

Do you that's a viable option?

@cswimr
Copy link
Author

cswimr commented Nov 5, 2023

Would there be anything preventing a normal user from adding that to a page and making it un-editable, requiring admin intervention? Or would only admins be allowed to save documents containing that type of YAML configuration?

Also, if that's going to be a thing, maybe add a hidden option as well, to prevent certain pages from appearing in the search/A-Z list?
That might be a separate feature request, but otherwise yeah that works.

@redimp
Copy link
Owner

redimp commented Nov 5, 2023

Obviously I underestimate what disruptive or trolling peoples might could come up with. Good point. Configurations like should be limited to Admins.

My assumption was that if someone encounters disruptive behaviour, the user gets the approval revoked and the changes to the pages reverted.

@redimp
Copy link
Owner

redimp commented Nov 5, 2023

Also, if that's going to be a thing, maybe add a hidden option as well, to prevent certain pages from appearing in the search/A-Z list? That might be a separate feature request, but otherwise yeah that works.

To make this possible, a permissions management per page or per subdirectory would be the most viable option. I would consider this (for now) as out of scope. To discuss this further, please open another feature request. I'm curious what your use-case is.

@redimp
Copy link
Owner

redimp commented Nov 5, 2023

Another thought: Maybe permissions per page / subdirectory would be the best way to handle protected pages as well.

@cswimr
Copy link
Author

cswimr commented Nov 5, 2023

Obviously I underestimate what disruptive or trolling peoples might could come up with. Good point. Configurations like should be limited to Admins.
My assumption was that if someone encounters disruptive behaviour, the user gets the approval revoked and the changes to the pages reverted.

Yeah, I think that's the general idea for the most part, but for some pages you kinda don't want approved users to edit them either, like a Rules page or a homepage, or high-traffic pages in general.

To make this possible, a permissions management per page or per subdirectory would be the most viable option. I would consider this (for now) as out of scope. To discuss this further, please open another feature request. I'm curious what your use-case is.

I'll probably open another feature request at some point, but for now it's not really important. Just a random thought I had while responding last night.

Another thought: Maybe permissions per page / subdirectory would be the best way to handle protected pages as well.

You could probably use regex or something to detect if someone is trying to change page configuration, and if they are, then check if they're an admin, if they're not, block the edit. Just make it so configuration only loads from the top of the file or something.
For a single feature, having an entire system in place to change that one thing seems.. kinda overkill? Unless its like, a dropdown menu selection or something. Then I guess it'd work.

@redimp
Copy link
Owner

redimp commented Nov 5, 2023

I like the idea of adding an option that Admins can configure a regex to protect pages.

Implementing this is nevertheless a lot of work, on the one hand it must always be tested for all changes whether this pagepath is allowed to be edited, on the other hand there are several actions in which the pagepath is not directly "visible", e.g. when a commit is reverted.

When this is done we are halfway to permissions per page / subdirectory.

Will think about it. Maybe this is a good feature for the 2.1.0 milestone.

@redimp redimp changed the title [Feature Request] Allow admins to set pages as 'protected', allowing only Admins to edit those pages Permissions per Page / Directory (Allow admins to set pages as 'protected', allowing only Admins to edit those pages) Jan 8, 2024
@redimp
Copy link
Owner

redimp commented Jan 8, 2024

More feature requests for permissions per Page / Directory coming in. In #72 @rcosg suggested to add a feature that allows to make pages private.

Will think about what a minimalistic role or permission model should look like.

@joaoferreira-git
Copy link

More feature requests for permissions per Page / Directory coming in. In #72 @rcosg suggested to add a feature that allows to make pages private.

Will think about what a minimalistic role or permission model should look like.

I came here just to suggest this but it looks like rcosg thought of it first, started using it today and i feel this is perfect to replace my personal YouTrack wiki and the only thing missing is the option to have it either private/public by default and being able to set one or more pages to public/private as rcosg suggested.
Thanks for all of the work.

@redimp
Copy link
Owner

redimp commented Mar 17, 2024

The idea that I have in mind should support at least these common environments:

  • a per default private wiki with some public pages
  • a per default public wiki with some pages being proteced (only allowed to be modified by a specific group of users) and some pages being private (only allowed to be viewed by a specific group of users).

This feature for sure needs the concept of groups, because no one wants to configure this again and again per user ... and a concept of rules brigns together pages, groups and permissions.

@tionis
Copy link

tionis commented Oct 10, 2024

I was thinking about a repository global configuration of groups -> permissions and user -> groups mappings, that only an admin can edit.
The group permissions could be regex, glob or pattern lists on the file path.
(Alternatively, add some .auth files that apply authorization rules recursively or statically to all children of the dir and subdirs. That would introduce some problems with people being able to create files that lock themselves out though.)
(or you could base the model on unix style user:group rw permissions per file in some protected metadata)

@redimp redimp mentioned this issue Dec 8, 2024
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

4 participants