disconnect when pasting text due to "Trying to submit changes as another author"

[micah]

Using 1.2.9, I found that if you copy text that someone else wrote, and then attempt to paste it in the pad somewhere else, you get forcibly disconnected from the pad and then the following is put into the log:

[2013-04-02 08:28:40.791] [WARN] console - Can't apply USER_CHANGES Z:bgh>4l|6y=cf4_0+p_1+re$* the text that was copied and pasted is replicated here., because: Trying to submit changes as another author

[micah]

I forgot a couple lines from the log:

[2013-04-02 08:28:40.973] [INFO] socket.io - transport end by forced client disconnection [2013-04-02 08:28:40.973] [INFO] socket.io - transport end (booted)

[marcelklehr]

If we'd allow that you could simply write as another author.. which is a huge security issue... the solution for this would be a fourth OT operation: move..

[JohnMcLear]

Hrm, would it not make sense for the paste contents to be owned to whoever initiates the paste? That would be a compromise.. I mean, Copy/pasting can completely change the context of a phrase.

For example..

My dog ate the tree.

Can be changed to

My tree ate the dog

Without it being made clear to the pad visitors it wasn't the original author that made the change

Both of these statements are equally alarming but only one is of interest to animal welfare organizations.

[marcelklehr]

Yes, but in the past there have been enormous efforts to retain authorship when copying and pasting content...

[marcelklehr]

pr that introduced this: #1622

[micah]

It seems to me that if whoever pastes into the pad, the pasted text should be attributed to the person who pasted the text, because that person made the change. Who cares where the text originally came from? When I copy text from a web page written by someone else, I do not expect the author of that web page text to be attributed in Etherpad... in the same way I would not expect that if I pasted something in the pad that someone else wrote somewhere else in the pad, should that original author retain the authorship annotations (which is how it is now, although with the rather rude booting)

[JohnMcLear]

I actually agree.. Perhaps this is something that needs to be under a flag/plugin if you want to maintain the authorship colours on paste.

[marcelklehr]

please don't introduce an option... Let's just remove that behaviour.

[micah]

I agree, I dont know of any reason why that behavior should be kept, but if someone were convinced me otherwise with a good case for it to exist, then I would say an option would be fine, but defaulted off.

[JohnMcLear]

Okay sounds like we're in agreement @marcelklehr can you open a PR reverting your change please?

[marcelklehr]

WUT!? I want me to revert the security fix?

[JohnMcLear]

We can chat later on IRC about this :)

[JohnMcLear]

So I don't want you to remove the security fix but I want pastes to be represented as the paster not the original author :) Is that possible?

[marcelklehr]

Should be, but I don't have clue where to find the piece of code that is reponsible for this. ;)

[JohnMcLear]

Here is my proposal.. It's a BIG job.. http://mclear.co.uk/2013/04/06/getting-author-ownership-right-in-a-collaborative-editor/ (TL;DR: "[…] My proposal states that a character has an 'author' and 'editors'")

Is it possible? Until we can draft that up do you think we should revert your security commit or?

An ideal interim solution is to rewrite author colors on paste.

[marcelklehr]

no. I don't think we should revert it.

[JohnMcLear]

Things to note:

• Undoing Cut / Paste of another authors content causes an error. IE Author A types something, Author B deletes it, Author B hits Control Z.
• Dragging content that has multiple authors causes an error IE two authors write on a span and we try to move that
• Cut / Copy / Paste of content that contains more than one author causes an error

So TLDR; you only get these errors if the content contains more than one author unless it's an undo in that case author B is disconnected.

[JohnMcLear]

A quick fix for this is to force changes from the author to always show as that author (on the server), instead of dropping the client we can just change the author of the change.

[marcelklehr]

Is there a reason why this is still open?

[JohnMcLear]

Don't think so :)