[pmwiki-users] identify current authorization level

Thu Aug 3 14:35:07 CDT 2006

... FWIW it works like a charm in IE. Go figure.

Henrik Bechmann
www.osscommons.ca
www.bechmannsoftware.com
Webmaster, www.dufferinpark.ca

Dominique Faure wrote:
> On 8/3/06, Henrik Bechmann <henrik at bechmannsoftware.com> wrote:
>>
>>  Patrick,
>>
>>
>>  >>Try turning $EnableIMSCaching off and see if the $isEditAuthorized
>> appears correctly.
>>
>>  Yes that works.
>>
>
> The best way to catch an action is to register your own handler for
> it. Please have a try with the following (untested) code:
>
> $HandleActions['logout'] = 'MyLogoutHandler';
>
> function MyLogoutHandler($pagename, $auth = 'read') {
>  global $EnableIMSCaching;
>  $EnableIMSCaching = 0;
>  HandleLogoutA($pagename, $auth); # call the legit handler
> }
>
> Regards,
> Dom
>
>
>
>>  I also tried the following (with $EnableIMSCaching set to true or 
>> false):
>>
>>  if (isset($_GET['action'])) $useraction = $_GET['action'];
>>  elseif (isset($_POST['action'])) $useraction = $_POST['action'];
>>  else $useraction = 'none';
>>  echo 'useraction='. $useraction;
>>  if ($useraction=='logout') {
>>   $EnableIMSCaching=0;
>>  }
>>
>>  I use $useraction because $action seems to be set to 'browse' a lot, 
>> and I
>> was trying to get behind it.
>>
>>  But, this code never sees the "logout" value (or at least it never gets
>> echoed, even with $EnableIMSCaching set to false), presumably because 
>> of the
>> redirect generated by the logout action. Not sure it would work anyway
>> without clearing the browser cache first. But is there some way of
>> determining that the redirect came from a logout, and forcing a refresh?
>>
>>  I'm using Firefox, but the solution would have to be cross browser
>> compatible.
>>
>>  Also, for future reference, a side effect of something
>> (include_once('local/config.php')??) is that the author
>> name is being lost between edit states, so the user has to re-enter 
>> it all
>> the time -- not true before (I have $EnablePostAuthorRequired = 1;) [I'm
>> just working in a test environment of course]. I'm presuming that if 
>> nothing
>> else I could jam all this into a function and call it from the 
>> template, so
>> as to allow config.php to be called after farmconfig.php. But that's for
>> later...
>>
>>  Is my quest here legitimate?
>>
>>
>>  - Henrik
>>
>>  Henrik Bechmann
>> www.osscommons.ca
>> www.bechmannsoftware.com
>> Webmaster, www.dufferinpark.ca
>>
>>
>>  Patrick R. Michaud wrote:
>>  On Thu, Aug 03, 2006 at 01:00:45PM -0400, Henrik Bechmann wrote:
>>
>>
>>  I have the sequencing figured out.
>>
>>  Here's my code in farmconfig:
>>
>>  include_once('local/config.php');
>>  $pagename = ResolvePageName($pagename);
>>  $isEditAuthorized = (boolean)RetrieveAuthPage($pagename,
>> 'edit', false,
>>  READPAGE_CURRENT);
>>  echo ' value='.$isEditAuthorized;
>>
>>  I think there may be two problems.
>>
>>  1. I'm not using (and don't want to use) authuser.php. My author 
>> group is
>>  quite content with the simple base password protection.
>>
>>  Excellent -- I think running without authuser.php is better in 
>> general. So,
>> that's one less thing to worry about.
>>
>>
>>
>>  2. $isEditAuthorized still returns true *after* logout (&action=logout)
>>  per the above echo statement. [...] I'm just finding that clearing the
>>  browser's cache fixes that, but I don't understand why, and I can't 
>> ask my
>>  users to clear their browser cache whenever they logout. Is the echo of
>>  $isEditAuthorized returning true because the echo is part of a 
>> cache, when
>>  in fact $isEditAuthorized is false on the server?
>>
>>  I'm pretty sure you're seeing the browser's cached version of the page,
>> before the logout occurred. On the server $isEditAuthorized is certainly
>> false.
>>
>>
>>
>>  I have $EnableIMSCaching=1; in my farmconfig.php so that page 
>> location is
>>  preserved when the user returns to a page.
>>
>>  Aha, this is very likely the issue. ?action=logout is issuing the 
>> redirect,
>> and the browser thinks it already has the page in its cache and displays
>> that one (i.e., the one before the logout). Try turning 
>> $EnableIMSCaching
>> off and see if the $isEditAuthorized appears correctly. If that works,
>> then maybe we can find a way to get ?action=logout to work with IMS 
>> caching.
>>
>> Also, what browser are you using? Both IE and Mozilla/Firefox have their
>> own little caching quirks.
>>
>> Pm
>>
>>
>>
>>
>>
>
>