# SoC Proposal for Implementation of a File Upload Interface I intend to extend Ikiwiki such that it accepts file uploads, subject to access control, and displays image collections in a gallery format. Since the latter component is dependent on the former, I will defer its planning for now. What follows is a very rough draft of my thoughts on the matter. Comments are welcomed, either on the discussion page or via e-mail (_me_ at _inelegant.org_). I suggest we adopt the Trac/Wikipedia concept of "attaching" files to a given page. In this scenario, each page for which file upload has been enabled, will sport an `` construct along with an _Attach_ button. Upon successfully attaching a file, its name will be appended to an _"Attachments"_ list at the bottom of the page. The names in the list will link to the appropriate files. Architecturally, this means that after a file has been attached to a page, the page will have to be rebuilt. ## Metadata Uploaded files will have at least the following pieces of metadata: * Filename * Upload date * Page attached to * Uploader's name * File size * File type The first three pieces of data are associated with every new page on the wiki by means of the _.ikiwiki/index_ file (_src_/_dest_, _ctime_, and _link_, respectively). The next two are stored in the RCS log. Ideally, the list of attachments for a given page will detail, at least, each attachment's type (so the user knows whether they can open it), size (so the user knows whether it is worth downloading), and potentially a thumbnail of some sort for images and videos. It is potentially expensive to query the RCS for this data on every page rebuild, so I propose the addition of two optional fields to the index file: _mime_, which contains the MIME type of the _dest_ file, and _size_, which contains the size in bytes of _dest_. If a user attached a photograph (_my-cat.png_) to a page (_my-cat_), the following lines are representative of what _index_ may store: mtime=1174347925 ctime=1169220485 src=my-cat.png dest=my-cat.png link=my-cat mime=image/png size=73100 mtime=1174347927 ctime=1174347927 src=my-cat.mdwn dest=my-cat/index.html link=my-cat.png Thus, we define an attachment as file linked from an existing page, with a non-_text/html_ MIME type. ## Configuration In [[todo/fileupload]] it is specified that the upload feature must be highly configurable. It is suggested that this configuration be achieved by embedding directives in the wiki pages directly. Consider an ikiwiki for photographers. The admin decides to allow users to upload their photographs. Using the Pagespec suggestion, he must enforce this policy on the front page of his wiki (as preferences cascade horizontally downwards). He must then lock the front page from editing, in order to prevent his users from reversing his decision. IOW, he is forced to lock a page purely to register a configuration preference. He will need to repeat this process for each layer of the hierarchy he wants to apply a different policy to. Further, these embedded configuration directives risk overshadowing the content of the page, and thus confusing users. This would become particularly problematic for wikis which need to maintain blacklists/whitelists for access control -- they would need to continually update wiki pages (thus polluting the RCS logs) just to stem abuse. I suspect that we can accommodate most use cases by allowing these options to be set globally in the _ikiwiki.setup_ file. They can then be optionally set on a page-by-page basis by use of pagespecs or a reworking of the config system such that ikiwiki dotfiles can be placed at arbitrary levels of the hierarchy, and have their directives supersede those set by their parents. Clearly, the first option is significantly simpler. ## Operation 1. File upload forms will be rendered on all wiki pages which have been allowed in the global configuration file. By default, this will probably be none of them. 2. The forms will interface with _ikiwiki.cgi_, passing it the filename, the file contents, and the name of the page to which it is being attached. 3. The CGI will consult the config file and any embedded pagespecs in turn, to determine whether the access controls permit the upload. If they don't, an error message will be displayed to the user, and the process will abort. 4. The uploaded file will be saved to the appropriate directory. 5. The uploaded file will be committed to the RCS. 6. _.ikiwiki/index_ will be modified to reflect the new upload (as above). 7. The page to which the file is attached (and any other affected pages) will be regenerated. --Ben