Kwiki ("Kwiki is perhaps the simplest to install, most modular, and easiest to extend Wiki") has multiple modules for page access, but those modules are geared towards controlling access by individuals. Intranets often have multiple groups of people working on different projects — projects whose access is better keyed to their groups than to their individual users.
This note tries to lay out what (IMHO) would be necessary for a successful Kwiki group-access control module. For lack of a more imaginative name, let's call this module Kwiki::UserGroups or KUG.
- Pages should not have to possess any KUG group-access control list.
- It should be possible for a page to be "owned" by multiple groups at the same time.
- It should be possible to add and delete groups from a page's group-access control list.
- Ideally, people should only have to consciously think of their KUG group memberships when they are starting up or ending their membership in a group. Needing an explicit "change group" command would make using KUG more difficult than it needs to be.
- KUG users should have the same usernames as elsewhere in Kwiki. Having a separate set of usernames for groups of users might guarantee that no one would use KUG.
- KUG administration should be possible through both the command-line and the Web.
- KUG administration should actually be performed by Perl modules, so that the command-line and Web interfaces are just wrappers around the workhorse modules.
- It would be nice (but only an optimization) if user and group permissions were stored in the same files, thereby saving some file accesses.
Comments are especially welcome on this proposal -- I would like Kwiki::UserGroups to be the best usergroup module for Kwiki, so harnessing Perl community brainpower would be good for the development of Kwiki::UserGroups.
