[pmwiki-users] CMS Behavior in AuthUser . . .

[Ben Wilson]

On 12/30/05, Patrick R. Michaud <pmichaud at pobox.com> wrote:
[self-snip]

> Cool.  Some comments:
>
> * In the Site.CMSMenu page...
>     - The first (:if:) can be eliminated
>     - It's not clear what $UACEdit, $UACAdmin, etc. are supposed to be

Hmm, I just reread the conditional behavior. I've been using '(:if:)' 
to close conditionals--sort of like 'FI' in bourne.

> * Pages in the Site group are normally protected against editing
>   except by admins, so I don't think the Site.CMSMenu page needs
>   its own protection.  It should just inherit the protections of
>   the Site group.

I sit corrected. :-) Since I am already in '@admin,' I did not notice.
I'd say about two-thirds the time I don't RTFM, and the other third
either the documentation is slight or I have problems
misunderstanding--typically the latter. But, that's more my own
ability to misunderstand patently obvious English at unexpected times.
(This is a gift when ye olde wife asks me to do something!)

> * To do localization, just put $[...] around any text you want
>   to be localizable.

I tried that, but the result was a bit odd. It show the localization
text with an extra ']', perhaps because it would look like
[[{$FullName}?action=edit|$[edit]]]. Not sure if I did something wrong
or there's a slight cough in the markup translation. Having just tried
it again, I found that I omitted the '$', so now it works. I updated
the recipe to boot.

> > PM, it would be nice if we also had the ability to if-then off the
> > user's group(s). Is that an easy feature?
>
> I'm thinking it might not be too difficult, although I wish
> we could re-use (:if authid:) for it and not have to create
> a new conditional.  Perhaps it would work if we did:
>
>     (:if authid alice:)       -- user is authenticated as "alice"
>     (:if authid *:)           -- user is authenticated (any username)
>     (:if authid:)             -- user is authenticated (any username)
>     (:if authid @editors:)    -- user is in @editors group

I like this approach. At least to me, it is intuitive.

On a personal note, the recent wave of improvements have heightened
the quality of PmWiki greatly. I'd been planning to recode a new
solution for UserAuth and CMS Like that would allow administration of
entire farms with per-field control--and to be able to use "vanilla"
PmWiki (i.e., no LDAP or mySQL). It seems that AuthUser has beaten me
to the punch. Once I create a new way of implimenting the farm-centric
security protocol (from my older UserAuth/CMSLike), I'll be spreading
it to the several sites I manage.

Right now I have it where several sites share the same basic
farm-structure and jointly share security protocol (with site-specific
users). The Groups feature fixes most of my issues outright. The
web-interface (i.e., Site.UserAuth) solves my problems with UserAuth's
.htpasswd. Being a law student, I don't have a lot of time to monkey
with a cludgy system. I thought UserAuth was a bit cludgy, and I was
creating work-arounds. I don't think that's a problem now with
AuthUser.

By cludgy, I mean I wanted a system where I could carry over
authentication from one wiki-field to another, or from one site. I'd
like to do this without having to shell over to the server. I figure
that would require a farm-wiki.d/Site.AuthUser similar to
farm-config.php that is supplimented by the wiki.d/Site.AuthUser as
config.php does. That is, have a user universally a member of group
'horse,' but in one farm also be a member of group 'clydesdale.'

(See http://www.pmwiki.org/wiki/Cookbook/WikiFarmAlternative for how I
do multiple sites-same install with easy upgrade.)

--
Ben Wilson
" Mundus vult decipi, ergo decipiatur"