[pmwiki-users] Rethinking passwords and authorization

Patrick R. Michaud pmichaud at pobox.com
Tue Oct 10 16:27:04 CDT 2006

On Tue, Oct 10, 2006 at 05:10:35PM -0400, Neil Herber wrote:
> If the wiki is not using AuthUser, then only passwords apply and 
> everything stays like it is now.
> If the wiki is using AuthUser, then they may allow by authenticated 
> id, by user group, or by shared password.
> When someone displays the "attr" page, instead of having a single 
> "password" box per "level" (level being read, edit, etc. - not sure 
> of the correct word here) there will be 3 boxes per level -  one for 
> passwords, one for ids and one for user groups.

I've been using "authorization level" to identify read, edit, 
attr, and upload.

This is a pretty good idea, but perhaps another approach would be
to ask the question:  When an admin asks the question "what are all
of the access controls set on my site", he/she presumably gets
back a list of pages that have some sort of access control set
and some details about the current settings.

How would we display to the admin something like...?

    Read access is limited to Alice, Bob Barker, everyone in the
    "editors" group, and people who know a shared password.

However we display this information is a likely candidate for
what should be a valid specification in the ?action=attr form.


More information about the pmwiki-users mailing list