[Tiki-devel] The $%#@!! plugin was changed approving

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

[Tiki-devel] The $%#@!! plugin was changed approving

Bernard Sfez-3
Hello,

When some plugin content are modified it require super user (Admin or any member of a group with the right permission) approval as some plugin may disrupt page, website or worst.

BUT this is very annoying for admin that have to work intensively on several pages, templates and included page.
I’ve been working on several Tiki and it happened several time that I missed an approval that was afterward signaled by a user complain or a customer.

To illustrate, I have a Tiki I’m working on that use hundreds of pages that include (plugin include) 4 html form (external service).
Each update of a form is a pain.

The approving the 4 pages with the form is not enough. I have to approve ALL the pages (even the included one) where the form is displayed.

tiki-plugins.php doesn’t solve as I found out that NOT all the required approval page are displayed. For exemple, some page need to be loaded first at least one time prior to be listed at : tiki-plugins.php

I believe I’m not the only one that have an issue with that (I recall Nelson pointing me to a hack to disable the approval) but that’s a first question, only me ?

Second question if more think we should deal with that, what about an option at Admin => Editing Plugin like:
Always automatically approve plugin modification for Admin

I’m not sure if a new perm to share this setting with other group worth it.


Thoughts ?

Bernard Sfez | bsfez.com


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
TikiWiki-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/tikiwiki-devel
Reply | Threaded
Open this post in threaded view
|

Re: [Tiki-devel] The $%#@!! plugin was changed approving

Dr. Sassafras
Some of those plugins have security implications. Some of them are to help protecting vandalism, or to control content. 

A system that is able to respect the reason why approval is required would be nice. The end user may not understand the security implications of just approving all. 

Brendan

On Feb 14, 2017, at 4:57 PM, Bernard Sfez <[hidden email]> wrote:

Hello,

When some plugin content are modified it require super user (Admin or any member of a group with the right permission) approval as some plugin may disrupt page, website or worst.

BUT this is very annoying for admin that have to work intensively on several pages, templates and included page.
I’ve been working on several Tiki and it happened several time that I missed an approval that was afterward signaled by a user complain or a customer.

To illustrate, I have a Tiki I’m working on that use hundreds of pages that include (plugin include) 4 html form (external service).
Each update of a form is a pain.

The approving the 4 pages with the form is not enough. I have to approve ALL the pages (even the included one) where the form is displayed.

tiki-plugins.php doesn’t solve as I found out that NOT all the required approval page are displayed. For exemple, some page need to be loaded first at least one time prior to be listed at : tiki-plugins.php

I believe I’m not the only one that have an issue with that (I recall Nelson pointing me to a hack to disable the approval) but that’s a first question, only me ?

Second question if more think we should deal with that, what about an option at Admin => Editing Plugin like:
Always automatically approve plugin modification for Admin

I’m not sure if a new perm to share this setting with other group worth it.


Thoughts ?

Bernard Sfez | bsfez.com

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
TikiWiki-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/tikiwiki-devel

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
TikiWiki-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/tikiwiki-devel
Reply | Threaded
Open this post in threaded view
|

Re: [Tiki-devel] The $%#@!! plugin was changed approving

Dr. Sassafras
In reply to this post by Bernard Sfez-3
Sorry that last one got away from me before I was done.

Possible ideas:
Tag security related plugin approvals, so user is well-aware.
Allow override of approvals (and perhaps enabling of approvals) based upon permission hierarchy. User-groups or something like that. 

So the defaults are always safe, and admin can give up partial or full control with knowledge of the security risks.....?

Brendan

On Feb 14, 2017, at 4:57 PM, Bernard Sfez <[hidden email]> wrote:

Hello,

When some plugin content are modified it require super user (Admin or any member of a group with the right permission) approval as some plugin may disrupt page, website or worst.

BUT this is very annoying for admin that have to work intensively on several pages, templates and included page.
I’ve been working on several Tiki and it happened several time that I missed an approval that was afterward signaled by a user complain or a customer.

To illustrate, I have a Tiki I’m working on that use hundreds of pages that include (plugin include) 4 html form (external service).
Each update of a form is a pain.

The approving the 4 pages with the form is not enough. I have to approve ALL the pages (even the included one) where the form is displayed.

tiki-plugins.php doesn’t solve as I found out that NOT all the required approval page are displayed. For exemple, some page need to be loaded first at least one time prior to be listed at : tiki-plugins.php

I believe I’m not the only one that have an issue with that (I recall Nelson pointing me to a hack to disable the approval) but that’s a first question, only me ?

Second question if more think we should deal with that, what about an option at Admin => Editing Plugin like:
Always automatically approve plugin modification for Admin

I’m not sure if a new perm to share this setting with other group worth it.


Thoughts ?

Bernard Sfez | bsfez.com

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
TikiWiki-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/tikiwiki-devel

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
TikiWiki-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/tikiwiki-devel
Reply | Threaded
Open this post in threaded view
|

Re: [Tiki-devel] The $%#@!! plugin was changed approving

Gary Cunningham-Lee
In reply to this post by Bernard Sfez-3
I've often thought that the plugin approval form shouldn't be needed
when the plugin is added by an admin.

-- Gary

On 2/14/2017 4:57 PM, Bernard Sfez wrote:

> Hello,
>
> When some plugin content are modified it require super user (Admin or
> any member of a group with the right permission) approval as some plugin
> may disrupt page, website or worst.
>
> BUT this is very annoying for admin that have to work intensively on
> several pages, templates and included page.
> I’ve been working on several Tiki and it happened several time that I
> missed an approval that was afterward signaled by a user complain or a
> customer.
>
> To illustrate, I have a Tiki I’m working on that use hundreds of pages
> that include (plugin include) 4 html form (external service).
> Each update of a form is a pain.
>
> The approving the 4 pages with the form is not enough. I have to approve
> ALL the pages (even the included one) where the form is displayed.
>
> tiki-plugins.php doesn’t solve as I found out that NOT all the required
> approval page are displayed. For exemple, some page need to be loaded
> first at least one time prior to be listed at : tiki-plugins.php
>
> I believe I’m not the only one that have an issue with that (I recall
> Nelson pointing me to a hack to disable the approval) but that’s a first
> question, only me ?
>
> Second question if more think we should deal with that, what about an
> option at Admin => Editing Plugin like:
> Always automatically approve plugin modification for Admin
>
> I’m not sure if a new perm to share this setting with other group worth it.
>
>
> Thoughts ?
>
> Bernard Sfez | bsfez.com <https://bsfez.com/>
>
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>
>
>
> _______________________________________________
> TikiWiki-devel mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/tikiwiki-devel
>


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
TikiWiki-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/tikiwiki-devel