[pmwiki-users] Read-protecting Site.*
Patrick R. Michaud
pmichaud at pobox.com
Thu Apr 12 13:32:16 CDT 2007
On Thu, Apr 12, 2007 at 08:10:43PM +0200, ThomasP wrote:
> >> Could there be another passwordable attribute "access" or something
> >> like that?
> ...
> What the engine performs on most of these special pages is not actually a
> 'read', but rather an 'interpret' operation, which is worth distinguishing
> in many occasions. (For example it is a difference, whether you may read a
> notify list page, or whether it may be interpreted for you.)
I think I need a better example than this one. It's already the case
that PmWiki does the right thing with NotifyList -- i.e., it's interpreted
regardless of its read permission.
The same is true for many other cases such as Site.AuthForm, Site.EditForm,
etc.... read permissions don't pose a problem here. It's only an issue
when we need page markups to be able to bypass the read permissions in
certain (but as yet unspecified) situations.
> Usually one would say that in the end all possible interpretations will be
> allowed, so why make a fuss (or more correctly: an extra action) about it.
> But "vicious minds" can also imagine cases where even the interpretation
> itself should be controlled page-wise via the standard authorization
> scheme (instead of only config.php tweaks). In any case in the long run it
> is IMHF the more systematic approach.
Following PmWikiPhilosophy #3, I think I need a few more concrete examples
to work from before heading down this path.
Thanks,
Pm
More information about the pmwiki-users
mailing list