[pmwiki-users] Permission structure

Joachim Durchholz jo at durchholz.org
Wed Jun 22 01:49:25 CDT 2005


Patrick R. Michaud wrote:
> 
> [...] I'm intending that each action will be able to provide the set
> of permission levels it needs to check before authorizing access.
> For example,
> ?action=edit needs to check both 'edit' and 'read' permissions,
> ?action=auth should check 'auth', 'edit', and 'read', 
> ?action=upload should check 'upload' and 'read',
> ?action=comment should check 'comment' (or 'append'), 'edit', and
> 'read', etc.

I wouldn't want the actions to hardwire the permissions that they 
require. Providing a default would be fine, but the administrator should 
be able to override it. (For example, the ?action=comment policy might 
vary across sites, or even within a site.)

Here's a rough sketch of how I'd like to have that live and in action:

1) There are three sets involved here: a set of actions, a set of 
permissions, and a mapping of permissions to sets of actions.
2) The set of actions is non-configurable, it is built from the PmWiki 
core and any recipes installed.
3) The set of permissions and the mapping are configurable, with a default.
4) The mappings are from permissions to sets of actions.
5) Permissions are additive: if a user has two different permissions, 
and these map to different sets of actions, then the user can do any 
action that's in either permitted action set.

Regards,
Jo



More information about the pmwiki-users mailing list