[pmwiki-users] password question
nospam at eton.ca
Tue Mar 28 08:44:28 CST 2006
At 2006-03-28 03:29 PM +0100, Hans is rumored to have said:
>Tuesday, March 28, 2006, 1:46:55 PM, Neil wrote:
> > I think I need a test that says something like:
> > "if the user's password array includes the shared edit password they
> > must need an admin password to do the action they are trying, so
> > prompt for that"
> > It's not the action that matters, it is whether they have already
> > entered the shared edit password.
>Perhaps something like this, using the cascade of privileges:
>(:if expr auth read && !auth edit && !auth admin:)you need an edit
>password to edit this page
>(:if expr auth edit && !auth admin:)you need an admin password to
>(:if auth admin:)you have all the privileges!(:if:)
thanks for the suggestion. This is more or less what I've already
tried. The problem is, (:if auth !auth edit:) does not do what you
might intuitively expect, namely, test to see if the user has entered
an edit password. It tests to see if any of the (possibly many)
passwords in the user's password array matches the edit password
required for the current page.
So, for example, if you set a default edit password for the whole
wiki in config.php everything works fine until you try to edit a Site
page. The Site pages are locked to editing through the famous "*"
password. The only way you can edit them is to supply an admin password.
But the test (:if auth !auth edit:) will indicate that an edit
password is needed! Hence my dilemma.
Corporate info at http://www.eton.ca/
Eton Systems, 15 Pinepoint Drive, Nepean, ON, Canada K2H 6B1
Tel: (613) 829-4668
More information about the pmwiki-users