[Pmwiki-users] Re: Edit password also used to read pages in PmWiki 2?
Patrick R. Michaud
Fri Nov 19 07:18:30 CST 2004
On Fri, Nov 19, 2004 at 02:48:53PM +0100, chr at home.se wrote:
> So what happens if you go directly to a URI like
> http://... ?action=edit
> without having visited the site before? I assume you'll be asked for the
> edit password?
> And then when you've saved the page you're asked for the read password?
Believe it or not, this isn't entirely as farfetched or unintuitive as
it might sound. There are situations in which being able to edit a page
doesn't imply that you know the page's entire contents when it's displayed
via ?action=browse -- consider (:include:) and its relatives. Currently
(:include:) will insert the contents of another page only if the user
has previously entered any read passwords for that page, and included
pages won't generate password prompts. So, entering the read password
for the page just edited might be an important step to enabling access
to other pages or features it includes or references.
That said, I might make this into a customization option of some sort,
so that an administrator can set "edit implies read", "attr implies
all" policies to be used by the passwording mechanism.
More information about the pmwiki-users