[pmwiki-users] identify current authorization level

Sat Aug 5 23:28:19 CDT 2006

Patrick,

Re page refresh in the presence of $EnableIMSCaching=1, Dominique's 
solution combined with yours works as expected in IE:

I add the following to farmconfig.php:

$HandleActions['logout'] = 'MyLogoutHandler';
function MyLogoutHandler($pagename, $auth = 'read') {
 global $EnableIMSCaching;
 $EnableIMSCaching = 0;
 HandleLogoutA($pagename, $auth); # call the legit handler
}

...

include_once('local/config.php');
$pagename = ResolvePageName($pagename);
$isEditAuthorized = (boolean)RetrieveAuthPage($pagename, 'edit', false, 
READPAGE_CURRENT);

...

IOW the page displays according to non-author layout until login, then 
displays according to author layout after login, then displays to 
non-author layout after logout.

FF seems to only do some kind of partial refresh after page logout, 
otherwise it works well. The workaround for the logout problem in FF is 
to get authors to log out twice(!). Presumably this is something that 
just needs tweaking somewhere. I haven't had time to trace it.

----

WRT to the authorname disappearing after logout, I see your logic, but I 
disagree with it. The Author name in the cookie is for convenience of 
the user at the machine. It should be available if logging back in from 
the same machine, IMO. Bit of a PITA to logout to see the user's view of 
the page, then login again to see the author's view/edit something, just 
to have to enter the author name again before saving (I have 
$EnablePostAuthorRequired = 1;).

IAC, progress. I've deployed this change, so that I can get on with 
evolving the versions of the pages (author menus, and links for source 
pages when "include"d, cleaner look for readers).

Thanks for all your help.

Best,

- Henrik

Henrik Bechmann
www.osscommons.ca
www.bechmannsoftware.com
Webmaster, www.dufferinpark.ca

Patrick R. Michaud wrote:
> On Thu, Aug 03, 2006 at 02:43:02PM -0400, Henrik Bechmann wrote:
>   
>>    Patrick,
>>
>>    >>Try turning $EnableIMSCaching off and see if the $isEditAuthorized
>>    appears correctly.
>>
>>    Yes that works.
>>    [...]
>>    But is there some way of
>>    determining that the redirect came from a logout, and forcing a refresh?
>>     
>
> There's really two ways to do it:  1. We can include some information in the
> redirect url, or 2. we can include a session variable that makes things work
> properly with EnableIMSCaching.  
>
> The first approach isn't pretty, and doesn't really solve the problem anyway
> because it's not just the current page we want to expire from cache but
> all of the pages that the browser may have cached.  So, that really argues
> for the second approach, and it probably needs to be available for both
> login and logout, since both cases will affect the cache.
>
> And it probably belongs in the core somehow.
>
> As a temporary workaround, you could either run with $EnableIMSCaching
> disabled, or you could try:
>
>     if ($action == 'logout') @touch("$WorkDir/.lastmod");
>
> This will invalidate the cache on any logout.  Unfortunately, it
> does so by invaliding the caches of all browsers, not just the one of
> the person who logged out, so it's a bit of an overshoot.
>
>   
>>    Also, for future reference, a side effect of something
>>    (include_once('local/config.php')??) is that the author name is being lost
>>    between edit states, so the user has to re-enter it all the time -- not
>>    true before (I have $EnablePostAuthorRequired = 1;) .
>>     
>
> Well, ?action=logout causes the browser to forget the author name.  But 
> if you mean the author name is being lost even for someone who remains
> logged in, I'm not sure why that would be happening.  You might try
> explicitly doing  include_once("$FarmD/scripts/author.php");  .
>
> More later,
>
> Pm
>
>
>   