Forum OpenACS Q&A: Re: Groups -- the public, unregistered users, permissions

Collapse
5: Re: Groups -- the public, unregistered users, permissions (response to 1)
Posted by Eric Wolfram on 06/14/03 09:19 PM
If not allowing anonymous posting what would you expect the behavior to be?

That's a very good question with more then one answer. Q: Which answer is the best? A: The one the user expects.

Of course, the users don't always get what they want because these are difficult problems to many different expectations. As an admin of one of these sites, we naturally want easy unlimited flexibility -- so don't listen to me 😊 Seriously, what should the behavior be? What's best in a forum that requires login? The quick and simple answer is: Don't give unregistered users the choice to post at all.

Personally, however, it doesn't bother me when I'm asked to set up an account after I've invested in writing a reply, because the topic obviously interests me and I can always (or usually) give them a fake email address from http://www.spamgourmet.com/ (disposable email address! btw) if I don't trust the site.

So it seams to me that it's okay to let unidentified users to compose a post before asking them to login, however, the user should be warned, probably on the "confirm" step, that login will be required after they confirm. "If you don't log in, your post will not be published" (or requires approval...which is another thing and probably the subject of another thread even *).

Considering all, I think that when the system is set to allow the public to post, the user would be given a radio button choice as they confirm the post, to either login/register or to "post anonymously."

Actually, here's how it would work in a perfect world (I'm not saying this is practical on OpenACS or that the system needs to allow this easily.) Ideally, the system would only ask the user for information when necessary. An unregistered user clicks "post" or "reply" and lands on the form. The form would include an optional field asking for email address because the system is attempting to discover who this user is. The Confirm page would then ask for either a password if the email is already a user, or the user would be given the radio button choice to either post anonymously or "join". If the user gave what appears to be a valid email address, they would be opted into: I want to join and post. If the user left the email field blank then they would be opted to: I want to post anonymously.

Yellow or Red highlighted text is good, visually, for setting the users attention. I'm probably going to add that warning on top of all the confirm pages because the user isn't scrolling down in long posts to see the confirm button. I give the bold tag a different class in my css file to highlight things.

* As an admin of community sites, I would want anonymous contributions to post immediately when the community is small, however, if it became a problem, or when the community grows, I may want anonymous posts to require a moderator approval before appearing -- like the ACSnews module is configured. That delay would be the price that the user pays for posting anonymously. I would only want to toggle it to moderator or login required if we were getting spammed or harassed.