[pmwiki-users] password prompt problems perplex people - redux
nospam at eton.ca
Sun Mar 26 12:54:17 CST 2006
I am posting this again because I did not make it clear on my
original post that I was looking for a possible solution to this problem.
On site X, visitors are required to enter a read password to access
the site. If they later click on an edit link, they get a nice
prompt for an edit password. But if they try to edit a page in the
Site group, my prompt logic falls on its face.
At the top of Site.AuthForm I have:
(:if !auth read:)'''$[A password is required to read this page]'''
(:if [ auth read and !auth edit ] :)'''$[An edit password is required]'''
(:if [ auth read and auth edit ] :)'''$[This request requires an
The thinking behind this logic is:
(:if !auth read:) - this must be the first attempt to look at the
wiki, so they need to enter the read password, so prompt for a read password
(:if [ auth read and !auth edit ] :) - they have a read password but
they don't have an edit password, and the only way they would get to
this point is if they were trying to edit, so ask for an edit password.
(:if [ auth read and auth edit ] :) - they are being asked for a
password, but they already have both a read and an edit password, so
they must need an admin password - ask for that.
There are 2 problems with this logic:
1) If the action they are performing requires an admin password and
they only have a read password, they get a prompt for an edit password.
2) The third line "admin" password test does not work as expected on
the Site group, though it does seem to work on other groups. On the
Site group it continuously displays "An edit password is required"
when it actually requires an admin password.
I think both problems are a result of the way PmWiki does the tests
for authorization levels. It is not directly testing to see if the
user has already entered a read or edit password, it is testing the
contents of the user's password array against the passwords
authorized to allow the requested action on the page in question. Is
my interpretation close to correct?
If it is correct, then I cannot think of any way to test for the
"admin" case in a structure like the one I have shown above.
I think the best I can do is check for the group, and if it is Site,
ask for an admin password.
Comments, alternate solutions, and corrections gratefully received!
Corporate info at http://www.eton.ca/
Eton Systems, 15 Pinepoint Drive, Nepean, ON, Canada K2H 6B1
Tel: (613) 829-4668
More information about the pmwiki-users