00870: notification mechanism should take page permissions into account

Summary: notification mechanism should take page permissions into account
Created: 2007-01-22 04:15
Status: Open
Category: Feature
From: ThomasP
Assigned:
Priority: 4
Version: 2
OS:

Description: When recently setting up a wiki page dedicated for some work with a colleague I noticed that a

 notify=myColleaguesAddress@somewhere.com 

would notify him of every page change on the site, also the ones that are not readable to him. This is not necessary, and may even be a security/privacy issue.

Indeed it would be possible at the moment to just include the

 ... page=Misc.OurSharedPage1,Misc.SharedPage2

in the notify command for every page that is readable by him, however this is not practical as one then has to maintain permission and notification settings in duplicate where one place would suffice.

Finally, considering that one would sooner or later seek for a decentralized (and user-controlled) notification management file (see PITS.00772), it is better to do it right (i.e. do a check) on the code level.

Thus I would propose the readability check into the notify.php code. At the moment this is still difficult since

  • the email address would have to be (authoritatively) mapped to a username, and
  • the permission must be checked based on this username.

While the second part is probably easily done (using authuser.php; for userauth.php some additions necessary), the first part would require some profile of the user with an appropriate option in it. (Don't know whether the Profile pages belonging to a user are capable of this. Note that it should be secure in the end - no address spoofing etc.!!)

This PITS issue is therefore more meant to document the issue.

See also

Other notification related PITS issues are

  • PITS.00772 (have a decentralized notification management using per-group lists, see above)
  • PITS.00785 (notify on uploads)
  • PITS.00867 (exclude certain authors (e.g. the originator of the post) of being notified)