The webmaster continues to mumble to himself....
I don't want somebody to steal/guess somebody else's password and use it to delete/modify lots of stuff posted by the other guy. Yet I want somebody to be able to modify/remove/rename things they post. This is how the language will solve the problem:
First of all, at the low level, nothing will be deletable. Once you upload something, it cannot be edited or removed. (Of course, the webmaster can break all the rules...)
However, users will still be able to do a "remove." What will happen when they "remove" something is that the connections which cause it to show up on the website will be removed, or else some sort of flag will be set up which will tell the website not to index it. So, although it will be sitting on the hard drive of the webserver, it will not be visible to the users of the website.
What this means is that users will be able to remove things from the website, but the webmaster will be able to restore stuff if something goes wrong.
In the last year of so of adminning this site, I've found that it's not just the raw data that is important to maintain. The metadata (like the last-modified date, the links to responses, etc.) is also important to keep accurate, and I want to protect it with the same security features. If some hacker can come in and delete (or undelete) huge amounts of stuff on the website, and I then have to fix it all by hand, that's a Bad Thing. Happily, this is doable with the system I'm devising here.
The metadata of the website will be protected just like the base data. So if there is a record which shows the current list of uploaded blogs, you can't delete that record. What you can do is edit (or make invisible) that record, but it still stays around in the backup copies of the website.
The way this happens is that when you edit things, you don't really edit or remove the old data. Instead, the old record is stored inside a "prev" field of the current record. Typically, a class's Display() function will only display the latest version, but it is possible to show old ones as well.
So, for example, when you upload a new class type (see Versioning above), you will be creating a new class record, but the old class record will still be available through the "prev" field.
Now, when something refers to something else in the website (such as how an uploaded object refers to the class which defines it), you need to decide whether that link is to a very particular version of the thing, or to the latest version. In the example where a certain upload (say, a Blog) points to the class which defines it (the Blog class), you want to point to a specific version of Blog. Even if the Blog class is updated, that specific blog you uploaded will always be controlled by the old code. On the other hand, if the thing you're uploading is something that controls how the website looks (such as the modifiable Links section on the top of this website), then you want to have everything refer to the most recent version; when you upload a new version, you want everything to automatically point to the new one.
I haven't figured out exactly how I'm going to do this yet. However, the website language will allow for both types of references; ones which are tied to a very particular version of an upload, and ones which follow the upload as it gets updated. |