[pmwiki-users] UserAuth vs. AuthUser
design at flutesong.fsnet.co.uk
Thu Jun 30 00:09:46 CDT 2005
Thursday, June 30, 2005, 12:36:17 AM, Jeremy wrote:
> Are there any plans to offer per-group security in AuthUser like
> UserAuth provides? For example, in UserAuth I can specify that user
> Bob is the only one (besides Admin) who can view, edit, upload, etc.
> to the TopSecret group, but anyone can do anything with the WideOpen
> group. In UserAuth it all seems to be done in the .htpasswd file
> (it's the last field on each user line), but it'd be cool to be able
> to do this in AuthUser, especially config.php as well, e.g.
> $DefaultPasswords['edit_group-TopSecret'] = 'id:Bob';
Pmwiki offers per group security via setting passwords in the
GroupAttributes page, and per page security via setting passwords in
the pages's attributes, through ?action=attr, for any relevant page
action, like "read", "edit", "upload" and "attr" accesss.
With AuthUser you associate passwords with names, so you can give Bob
read and edit access to the TopSecret group by setting in the group's
GroupAttributes page (TopSecret.GroupAttributes?action=attr) in the
read and the edit field "id:Bob". You can add that to existing
passwords or id's.
Main point with AuthUser is that it associates passwords with names,
but it does not set any passwords for any action anywhere. It just
provides an addition to the existing system, by checking for
name/password pairs, in addition to any passwords specified.
More information about the pmwiki-users