Developers of Sympa

[Maurice Massar <address@concealed>]

On Mon, Dec 04, 2006 at 08:41:17PM +0100, Serge Aumont wrote:
> Maurice Massar a écrit :
> >On Mon, Dec 04, 2006 at 05:47:30PM +0100, address@concealed wrote:
> >>Maurice Massar a e'crit :
> >>    
> >>>we want to change the behavior of add to require a confirmation by the
> >>>subscriber in question. If I'm not mistaken the "add.auth" scenari only
> >>>requests auth from the listowner. Further this is different from
> >>>"invite" as an acknowledged "add" challenge should not require owner
> >>>confirmation (if the list is configured to subscribe.*owner)..
> >>>
> >>>any suggestions on how to do this?
> >>>       
> >>Why not use invite limited to list owner ? I can't understand where this 
> >>is defferent from what 
> >>you want.
> >>    
> >
> >invite is different insofar that even an invite sent by the list owner
> >must be acknowledege by the list owner. 
> Not true : this is not hardcoded but configured in a scenario named 
> invite.xxx where xxx is what 
> you apply to the list configuration. You may change it going to the list 
> admin menu > privileges 
> then eit the invite section. Remeber that if you modify or create a 
> scenario, you must restart 
> sympa or touch (change the date) of the list config file.

not quite..

consider a list to:
add closed
invite owner
subscribe auth_owner

Now, an listowner loggs in to the web-interface and invites some user
(hmm.. ignoring the fact that there is no invite button in the
web-interface, and the forbidden "add" button is still there):

1) authenticated owner tells sympa to invite address@concealed
2) sympa sends a mail to address@concealed containing:
     $command = "auth $keyauth sub $which $comment";
3) address@concealed replies to sympa with this token
4) sympa sees the list is configured to auth_owner and send to owner:
     'keyauth' => $list->compute_auth($sender,'add')
5) owner issues add with corresponding token
6) sympa sees the list is configured add.closed and denies the request.


According to http://www.sympa.org/doc/html/node15.html an action in a 
scenario can be:
<action> ::=   do_it [,notify]
             | do_it [,quiet]
             | reject(reason=<reason_key>) [,quiet]
             | reject(tt2=<tpl_name>) [,quiet]
             | request_auth
             | owner
             | editor
             | editorkey[,quiet]
             | listmaster

I don't see a way how to let "add" generate a challenge to the
subscriber (after having identified the listowner with md5 or smime).
Neither how to allow "subscribe" which was a response to an "invite".
Nor how to deny quiet adds...

Did I miss something somwhere?

thanks & cu
maurice