[pmwiki-users] password question

Neil Herber nospam at eton.ca
Tue Mar 28 08:44:28 CST 2006


At 2006-03-28  03:29 PM +0100, Hans is rumored to have said:
>Tuesday, March 28, 2006, 1:46:55 PM, Neil wrote:
> > I think I need a test that says something like:
> > "if the user's password array includes the shared edit password they
> > must need an admin password to do the action they are trying, so
> > prompt for that"
>
> > It's not the action that matters, it is whether they have already
> > entered the shared edit password.
>
>Perhaps something like this, using the cascade of privileges:
>
>(:if expr auth read && !auth edit && !auth admin:)you need an edit 
>password to edit this page
>
>(:if expr auth edit && !auth admin:)you need an admin password to 
>change attributes
>
>(:if auth admin:)you have all the privileges!(:if:)

Hi Hans

thanks for the suggestion. This is more or less what I've already 
tried. The problem is, (:if auth !auth edit:) does not do what you 
might intuitively expect, namely, test to see if the user has entered 
an edit password. It tests to see if any of the (possibly many) 
passwords in the user's password array matches the edit password 
required for the current page.

So, for example, if you set a default edit password for the whole 
wiki in config.php everything works fine until you try to edit a Site 
page. The Site pages are locked to editing through the famous "*" 
password. The only way you can edit them is to supply an admin password.

But the test (:if auth !auth edit:) will indicate that an edit 
password is needed! Hence my dilemma.

>

Neil

Neil Herber
Corporate info at http://www.eton.ca/
Eton Systems, 15 Pinepoint Drive, Nepean, ON, Canada K2H 6B1
Tel: (613) 829-4668 





More information about the pmwiki-users mailing list