[drupal-devel] Core Folksonomy: First Code Available
morbus at disobey.com
Tue Mar 15 23:35:06 UTC 2005
> One suggestion: Should there be a conditional statement to trivially ignore
> community terms that are empty after the trim() call, in order to reject
> empty terms created by strings like "cat, dog,, fish, snake"? (I didn't look
> to see if the core already took care of that; I just didn't see it in your
Excellent. Yes, that's something that'll need to be added. (I suspect
that if a blank value was sent to taxonomy_save_term, that module would
croak, but I'm not entirely sure how the error would escalate upwards.)
Besides further integration, the next thing I'm thinking about is user
permissions (and I admit to not giving it alot of thought until this
paragraph, so I may "solve" it by the time I'm finished).
I've got to see what happens when a non-admin user logs in and creates a
node they have permission to. I /think/ the new code will function
properly, but I suspect this is exploitable:
* To ensure that the right community defined terms are added to the
right folksonomy (thus ensuring multiple folksonomies on one
site could remain independent, much like normal taxos [normal
taxos use the unique tid so knowing the vid isn't important]),
the vid is included in the node form:
(note: "vid" will change to "community")
This seemingly allows someone to make their own local form,
change the vid to a controlled vid, and add a new term to
a vocabulary that has not been designated community created.
I'm not sure what the best way to handle this is.
The easiest, but still error-prone way is to ensure that the $vid passed
has $community enabled. This would require an additional lookup for
every vocabulary attached to a particular node on taxonomy_node_save.
Then, the user could only "corrupt" community-created folksonomies
(where "corrupt" is loosely defined as "maliciously doing what he's
already allowed to do"). But, see below.
The other alternative would be a brand new taxonomy permission:
* add new terms to community-created taxonomies
Thus, you'd be able to create tiers of folksy users: all users can
create nodes but group A can create new terms and group B can't. The
downside of this is that the next "obvious" step would be to have a new
permission PER community-created taxonomy: group A can create new terms
in 'Folksonomy Tags', group B can create new terms in both 'Folksonomy
Tags' and 'Another Example'. I can certainly see that being useful:
* "gallery uploaders" can create new tags in 'Image-Only Folksonomy'
* "music uploaders" can create new tags in 'MP3-Sharers Anonymous'.
but I'm not entirely sure if I'm just being pie-in-the-sky.
Morbus Iff ( i know a little of everything, a lot of nothing. )
Culture: http://www.disobey.com/ and http://www.gamegrene.com/
icq: 2927491 / aim: akaMorbus / yahoo: morbus_iff / jabber.org: morbus
More information about the drupal-devel