X-Git-Url: https://sipb.mit.edu/gitweb.cgi/ikiwiki.git/blobdiff_plain/2eef342383022a221f4f3fdf4212e8af3aa17294..e4ee11e1f294c52b7ac80be6e7f22e1ff27fa6d6:/doc/todo/fileupload.mdwn diff --git a/doc/todo/fileupload.mdwn b/doc/todo/fileupload.mdwn index db5932de8..1962d6b40 100644 --- a/doc/todo/fileupload.mdwn +++ b/doc/todo/fileupload.mdwn @@ -1,3 +1,5 @@ +(I've written a [[proposal|todo/fileupload/soc-proposal]] for this feature --Ben). + Support for uploading files is useful for many circumstances: * Uploading images. @@ -20,6 +22,7 @@ the work is in securing it. Several classes of controls seem appropriate: browsers are probably too smart for their own good and may ignore the extension / mime info and process as the actual detected file type. It may be necessary to use `file` to determine a file's true type. +* Optional ability to test a file using a virus scanner like clamav. * Limits to who can upload what type of files. * Limits to what files can be uploaded where. @@ -32,4 +35,29 @@ the rules might look something like this: ( user(joey) and maxsize(1mb) and (type(webimage) or *.mp3) ) or ( user(joey) and maxsize(200mb) and (*.mov or *.avi) and videos/*) +With a small extension, this could even be used to limit the max sizes of +normal wiki pages, which could be useful if someone was abusing an open wiki +as a wikifs. Maybe. + + ( type(page) and maxsize(32k) ) + +And if that's done, it can also be used to lock users from editing a pages +or the whole wiki: + + !(( user(spammer) and * ) or + ( user(42.12.*) and * ) or + ( user(http://evilopenidserver/*) and * ) or + ( user(annoying) and index) or + ( immutable_page )) + +That would obsolete the current simple admin prefs for banned users and +locked pages. Suddenly all the access controls live in one place. +Wonderbar! + +(Note that pagespec_match will now return an object that stringifies to a +message indicating why the pagespec matched, or failed to match, so if a +pagespec lock like the above prevents an edit or upload from happening, +ikiwiki could display a reasonable message to the user, indicating what +they've done wrong.) + [[tag soc]]