[pmwiki-users] how to prevent access to the EditForm in a Forum
Patrick R. Michaud
pmichaud at pobox.com
Tue Oct 31 09:25:59 CST 2006
On Tue, Oct 31, 2006 at 10:30:42AM +0000, Hans wrote:
> Tuesday, October 31, 2006, 10:07:58 AM, Florian wrote:
>
> > this is exactly what i've already done. But i try to explain it again. Normal users with
> > editrights can edit by entering a message in the commentbox (visible by a conditional). This
> > works fine. The output of (:commentboxchrono:) is shown above the commentbox. If a user with
> > editrights knows that he can modify the already posted messages by entering the normal EditForm
> > by adding ?action=edit to the URL, this isn't a good thing.
> [...]
> Failing this we probably need another layer of password attributes,
> like comment:
> read, comment, edit, attr, admin
> I think this has been mentioned before, but i am not familiar with it.
Thus far I've been hoping to avoid another authorization level,
if only because it seems to complicate things even further
than they already are. But I'm still working out the details.
Pm
More information about the pmwiki-users
mailing list