Page Setup

Setting up the pages: Necessary tags
Filters
Checks
Configuring ComfyEdit: Setting up file permissions; Security

The individual pages you want people to be able to edit have to be set up for ComfyEdit. Once you've done that, you can continue on to Giving users access.

Setting up the pages

Necessary tags

ComfyEdit edits pages according to comments you place inside the page to be editted. These comments can be very simple. For instance, let's say you have a page with store hours on it, and you want someone to be able to change it for holiday hours and such. A snippet of the HTML might look like:

Rita's Rodent Ranch is located at 1024 S. Wilson Ave.. We can supply all your hamster, rat, and rabbit needs! Our hours are:  10:00am - 7:00pm  
(emphasis added, of course)

There's some more options, but if that seems sufficient for your uses you can continue on to configuration.

The syntax is borrowed from Dreamweaver. Actually, Dreamweaver's templates work the same way, so if you make a template in Dreamweaver and edit it with ComfyEdit, you'll be allowed to edit all the portions that are marked editable in the template. This might be useful...?

You can put these editable regions anywhere in the document, the only restriction being that if you put them inside an HTML tag browsers would barf on it. (So you can't allow people to edit only the keywords of a document) You can allow people to edit the title, pieces of the body, or whatever.

The name is optional, and using name="something" can be shorted as just "something" as long as it's the first thing after BeginEditable. You can even leave out the name, and the section will just be labeled item #.

Of course, you can have more than one editable region in a page.

You can also give some options as to how the editting form will appear:

rows: The number of rows that the textarea will have. If you put it at 1, then you'll get a simple text input.
cols: The width of the textarea. (size is a synonym for this if rows is 1)
wrap: Controls how textarea wraps. off means that words won't be wrapped at all. soft means that the browser will wrap words, but will only return newlines where the person actually hit enter (the default). hard means the browser returns all the newline at every break, even breaks that occured because of word wrapping.

Filters

Filters allow you to insulate the user from some of the HTML that might be involved. To use a filter, use filter="filtername" .

There's two filters included:

paragraph (filter="paragraph"):  will be converted to two newlines, and double newlines will later be converted into 's. This is enough to allow people to edit basic paragraphs without knowing HTML.
linebreak (filter="linebreak"): converts all  's to single newlines and visa versa. Allows more control over how lines end than paragraph, but the output will often look chopped off.

You can add more filters quite easily. Look in filter.py, there are instructions at the top of the file. (If you make generally useful filters, mail me and I'll include them)

Checks

You can define checks that must be satisfied before a user can save their change. This is done as check="somecheckname". If the check fails, the user is given an error message and another chance.

I don't currently have many useful checks. You'll have to write your own as appropriate.

You can add your own checks. Look in checks.py, there are instructions at the top of the file. (If you find some checks particularly useful, mail me and I'll include them)

Configuring ComfyEdit

There is very little configuration required for ComfyEdit. If you edit the (text) file comfyedit.cgi, you will find a line near the top that looks like:

allowed_directories=[""]

This is a list of paths and filenames that can be editted. You can use normal file-globbing characters, like *.html and so on. A * at the end of a path will match all pages, all subdirectories, and all the pages in those subdirectories.

Example: if you want people to be able to edit any files under /var/www and /home/bob, and the particular file /home/jane/public_html/contact.html:

allowed_directories=["/var/www/*", "/home/bob/*", "/home/jane/public_html/contact.html"]

Note: this is only half the process for allowing editting. You can still only edit files that have the proper permissions (as described in the following section).

If you want to do other configuration, you can fairly easily edit the colors used in the browser, all of which are located near the top of the comfyedit.cgi file. You can change the appearance of the editor by changing html/edit_header.html and html/edit_footer.html

Setting file permissions

(These sections of the instructions strongly assume a Unix system. If you know how this is done on other types of systems, tell me and I'll include that information)

In order for ComfyEdit to be able to edit files, it has to have permission to write them.

The web server -- and all CGI scripts -- usually run as the nobody user (though not always -- on Debian it's www-data). So the nobody user has to have permission to write the file. One way to do this is to allow anyone to write to the file:

% chmod a+w somefile.html

Another, somewhat more secure method is to change the file's group to nobody and then allow that group to write the file:

% chgrp nobody somefile.html % chmod g+w somefile.html

ComfyEdit tests if you have permission to write to a file, and doesn't let you edit a file if not.

Security

If you've done all that, you've just added a big security hole to your system. (Maybe I should have told you that earlier). Anyone who knows the necessary URL can go and change all sorts of pages. I'd strongly advise password-protecting the comfyedit directory and/or the comfyedit.cgi file. Many ISPs have programs you can use to do this. For Apache, you can look at some instructions from a Kent State site or some of the reference documentation from the Apache site.

(If you have more pointers for other web servers or environments, mail me and I'll include them)

installation giving users access

Ian Bicking

Last modified: Thu Aug 24 14:28:47 CDT 2000