|Title|Specific Access Level For Comment 
|Date|03-Jul-2006 15:00:07 EEST
|JSPWiki version|2.4.x
|Submitter|Jerome Duprez
|[Idea Category]|GenericIdea
|_cmdline|form='ideaform' category='GenericIdea' status='NewIdea' title='' page='Idea'  map='title=Title;version=JSPWiki version;url=Reference;category=[Idea Category];x;status=[Idea Status]'
|[Idea Status]|NewIdea

As a refinment of JspWiki's access control features, I think comments deserve a specific access level.
Currently the rights to edit a page is all or nothing. Multiple levels of configuration are available (default policiy + explicit ACL), but once a user can edit a page, he can edit everything in it.

There are cases where so much freedom is not necessary, and even harmful. Authoritative pages, for example (official documentation, quality procedure page, homepages, team leader's motto page,...), are generally edited only by some authority. Feedback would be welcome from non-authority people, such as comments pointing out an error, ambiguity, inconsistency... but those non-authoritative people shouldn't be allowed to edit away the original page. Leave it to the authority to read the feedback and act accordingly (potentially ignoring it).

The "comment" feature sounds like a good way to do that: at least starting from 2.4.0, the "Add comment" link brings a blank text area, where the user can only add a comment (not edit the page nor previous comments).
However, this link is only present when the user has "edit" rights, so anyone who can comment can also edit the page right away.
That's a nice feature anyway, but I'd like to go further and have a "comment" acess level (implied by "edit", and that implies "view").

A typical configuration for me would be: anyone (guest) can comment, only an "Editor" group can edit.
-- [JDuprez] and I can imagine a nice anti-spam medium based on this policy...