I like the idea of individually delegated auth for operations but at
the same time we've got a pretty involved auth/security mechanism as
is. I'll need to sleep on it and see if I can come up with a
reasonable way of integrating your approach into what's there already.
In particular your use case, which is self-service user administration
sounds very close to a feature we'll be releasing very soon - 'Request
Access' -- which will allow most of this functionality for users who
aren't already part of your wiki. While this doesn't give you the
automatic round-trip it's a start.
Even if we were to have op-granularity keys, for the AddUser op it'd a
bit more tricky -- you don't want to be just handing out a form which
would allow someone to add themselves at an arbitrary permission, it'd
need to be 'key-able-to-adduser-at-read-permision' which is a bit of
plumbing I hadn't anticipated.
Meanwhile, you could always host just a form somewhere else, catch the
posted email and run the request from your server, then redirect the
user back to the wiki. That's a little bit convoluted but is doable
today.
-n
I agree it'd be great to have a PBwiki-only solution for that. I've
been sketching out a mechanism for the
rights-for-particular-operations keys and I think I have a workable
solution, will update if/when that's something available to test out.
My ideal world (short of a sort of 'Self-serve add-users plugin' )
would allow something like this on the page, though we do fairly
aggressive html sanitizing which removes form elements, needs a
workaround to work ...
Add yourself here:<br/>
<form method=post action=https://nathan.pbwiki.com/api_v2/>
run the op<input type=text name=op value=AddUser /><br/>
your email<input type=text name=email /><br/>
make up a new password<input type=password name=password /><br/>
your perm will be read<input type=text name=perm value="read" /><br/>
using opkey_adduser_read<input type=text name=opkey_adduser_read
value="FAKE-KEY" /><br/>
redirect _after_success<input type=text name=_after_success
value="/FrontPage" /><br/>
<input type=submit />
</form>