[pmwiki-users] pmwiki-2.0.beta50 released
Patrick R. Michaud
pmichaud at pobox.com
Wed Jul 20 13:15:23 CDT 2005

I've just released pmwiki-2.0.beta50, which primarily provides
improvements to the authorization semantics. Below are the major
changes since the last announcement (2.0.beta44).

There have been two major improvements to the authorization
semantics in PmWiki:

1. The $HandleAuth array can be used to set the authorization
   level required for executing a corresponding action. For example,
   setting $HandleAuth['diff'] to 'edit' means that edit
   authorizations are required to view the page history (?action=diff).
   Similarly, setting $HandleAuth['source'] to 'admin' means that
   only the admin would be able to use ?action=source.

2. Passwords can now "cascade" -- that is, if a page sets a
   'read' password but not an 'edit' password, then the read
   password is also used as the edit password. Similarly, if a
   page sets an 'edit' password but not an 'attr' password,
   then the edit password is also used as the attr password.
   This resolves situations where authors set an edit password
   on a page but don't set a corresponding attr password -- the
   edit password becomes used for both.

This does not change PmWiki's other passwording characteristics --
i.e., page passwords still override group passwords, and group
passwords still override site passwords. Password cascading is
only used where there's no page, group, or site password set
for a given authorization level.

If this all sounds confusing, well, it is. Authorization is
just a tricky business, and we'll find ways to make it all
somewhat less confusing. But the bottom line is that PmWiki
now generally protects things the way people would expect it to.

In addition to changes to authorizations, this release adds
a Content-Disposition header for attachments that are retrieved
through PmWiki (e.g., when $EnableDirectDownload is zero).

Comments, suggestions welcome as always.
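
The authorization rules described in this announcement, as an added Python model that is not part of the original post and is not PmWiki's own code. The function names, the sample passwords, the 'browse', 'edit' and 'attr' entries in the action map, and the reading that a cascaded level takes the resolved password of the level before it are assumptions of this model.

```python
# Added illustrative model of the rules in the announcement; not PmWiki source.
# Passwords are constructed placeholders standing in for stored password entries.

CASCADE = {"edit": "read", "attr": "edit"}   # level -> level it falls back to
SCOPES = ("page", "group", "site")           # override order: page > group > site

def effective_password(level, passwords):
    """Return (password, origin) guarding `level`, or (None, None) if nothing is set.

    `passwords` maps scope name -> {level: password}.
    """
    for scope in SCOPES:
        pw = passwords.get(scope, {}).get(level)
        if pw:
            return pw, f"{scope}:{level}"
    # Cascade only when no page, group or site password exists for this level.
    parent = CASCADE.get(level)
    if parent is None:
        return None, None
    return effective_password(parent, passwords)

def password_for_action(action, handle_auth, passwords):
    """Map ?action=... to its required level, then resolve that level."""
    return effective_password(handle_auth[action], passwords)

# 'diff' and 'source' follow the announcement's examples; the other entries are
# assumed for this model.
HANDLE_AUTH = {"browse": "read", "edit": "edit", "attr": "attr",
               "diff": "edit", "source": "admin"}

# Constructed case 1: the page sets only a read password.
PAGE_ONLY_READ = {"page": {"read": "page-read-pw"},
                  "site": {"admin": "site-admin-pw"}}

# Constructed case 2: same page, but the site defines an edit password, so the
# edit level does not cascade from the page's read password.
SITE_HAS_EDIT = {"page": {"read": "page-read-pw"},
                 "site": {"admin": "site-admin-pw", "edit": "site-edit-pw"}}

if __name__ == "__main__":
    for name, pws in (("page-only-read", PAGE_ONLY_READ),
                      ("site-has-edit", SITE_HAS_EDIT)):
        for action in HANDLE_AUTH:
            print(name, action, password_for_action(action, HANDLE_AUTH, pws))
```

In the second case the page's read password guards viewing, while history, editing and attributes resolve to the site edit password, which is worth checking for when auditing a wiki that mixes page and site passwords.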