[pmwiki-users] Using Site.AuthUser for Controlling Access to wiki Page Groups

Sivakatirswami katir at hindu.org
Mon Dec 18 05:05:02 CST 2006



skts wrote: >> Perhaps all this is already present in the framework and
someone >> can jus point me in the right direction. I *could* use PMwiki
>> password but then you have to configure every single group, and if
>> >>
you make a new group you have to go and configure that one... you >>
need to keep an offline list of users and what password you have >>
assigned to what groups etc. whereas doing all this at >> Site.AuthUser
would be marvelous.

Ian Barton wrote:

> You can use the GroupName.GroupAttributes to set permissions for a >
whole group. This can contain user groups that you have set in >
Site.AuthUser. To restate your problem slightly:) I think you want >
some mechanism of automatically creating GroupName.GroupAttributes >
prefilled with the Site.AuthUser groups to give correct permissions. >
Ok will look into that... I just tried it on my box (I test on OSX...)
http://127.0.0.1/zap/Staff.StaffAttributes but i get a 404. So, I'm not
getting you....

Actually what I'm looking for is everything on one page -- Site.AuthUser
page.

e.g. if you create a new group "HighLevelClearanceRequired"  then you
need to set the read and edit to your @MostTrusted group of users in
that groups attributes.

Then you have another group "AnyoneCanReadThisStuff"   So then you have
to set it up once to allow @GeneralPublic  users to read only and
@MostTrusted group of users to read and edit...

OK... so by the time you go thru doing this on 20 groups... where is
your documentation? the user-authorization map for who has access to
what groups? How will I tell someone else (even myself, six months later)
  what I have done?... what file
can they look at to see the access privileges "schema" for all groups in
the entire wiki. (pass words encrypted of course) with comments on why
the decisions were made for the privileges set up for each group...

I  *could* (will need to in the absence of anything else) keep this file
offline as a record for myself, but it would be so efficient if   on a
single page we were able to set the access privileges to all groups  on
the wiki, individually *from* that  page.

So, (dreaming) then you open Site.AuthUser and there it all is, in one
place:

ACCESS PRIVILEGES BY GROUP:

(:groupaccess group=AnyoneCanReadThisStuff @GeneralPublic=Read
@MostTrusted=Read,Edit:) (:groupaccess group=HighLevelClearanceRequired
  @MostTrusted=Read,Edit:) (:groupaccess group=CookieRecipes
@GeneralPublic=Read @AllMyMoms=Read,Edit :)

etc.  such that  in a single location, all access privileges  to all
groups are declared and from there, implemented automatically. Generally
speaking we are not talking about Nuclear Bomb Launch Codes, or Access
Codes to Corporate Bank  accounts. but just a general management of what
some people  should see and what others really don't need to know
about... so having it all on one Site.AuthUser page will suffice from a
security point of view. Passwords are encrypted  anyway, so even if
someone did get all that info, they could not do much with it

I'm very new to this auth business and could be missing something, let
me ask it as a question: after six months of  making new groups, setting
their attributes... where in PMWiki is all this information available
for review-editing in a single pass? without having to sit there and do
a manual edit attri for each group?

TIA

Sivakatirswami







More information about the pmwiki-users mailing list