[pmwiki-users] Hierarchical permissions

The Editor editor at fast.st
Tue Jan 30 21:46:16 CST 2007


On 1/30/07, The Editor <editor at fast.st> wrote:
> On 1/30/07, The Editor <editor at fast.st> wrote:
> > Hi list,
> >
> > I've been chewing on the problem of making permissions hierarchical
> > and seem to have a general solution in mind that goes something like
> > this...
> >
> > 1. Create a foreach routine from $HandleActions, and use the key to
> > process all current actions...
> >
> > 2. For each action, run up the hierarchy and check permissions, for each level.
> >
> > 3. Set permissions of current page to the first setting it encounters, using the
> > $DefaultPasswords array.
> >
> > Two quick questions:
> >
> > What function is used to retrieve the permission assigned to an action
> > for a given page (or preferably a given group)?
> >
> > Does the routine above sound like it woul work?  Any problems anyone forsees?
> >
> > Cheers,
> > Dan
>
>
> Still stumped setting up hg permissions.  Can anyone clarify  what
> function is used to retrieve the permissions assigned to an action for
> a given page (or preferably a given group)?  That is if you have set
> "secret" as the edit password, for Main.Test, how can you do something
> like:
>
> mysteryfunction('Main.Test', 'edit')
>
> and get it to return "secret", or "id:Bob" or "@webmasters" or whatever.
>
> Help?
>
> Cheers,
> Dan


Well, I'm really stumped on the hg permissions problems.  I have been
nosing around PmWiki itself and am beginning to understand it a bit,
but nowhere's near close to having a solution.  In fact, now I think
I'm farther than I was when I began!

Here's my best understand of how it works.

When a page name is sent to pmwiki (perhaps with an action like edit),
it calls RetrieveAuthPage which calls PmWikiAuth...

To disable all permissions, you seem to be able to set $AuthFunction
to NULL, or to create your own auth function, you set it to something
beside PmWikiAuth.

PmWikiAuth seems to return a complex array of various values (time,
version, etc) and several arrays, including:
--\ =pwsource tells how password is determined for each action (site,
group, page, cascade).
--\ =passwd gives the actual passwords, etc, for each action.
--\ =auth assigns a number for each action, with (3) apparently meaning admin.

In seems to call in stuff from $DefaultPasswords (set in config file
usually), as well as from a groupattributes page (set by
$GroupAttributesFmt). It uses this info to assign the values to the
array(s) mentioned above, via SessionAuth.

Evidently if a person fails to authenticate, it returns False, and
calls up the password form (assuming $authprompt=true).  If they do
authenticate they get the big complex array above returned to PmWiki,
and the page finishes loading.

SessionAuth is used to set session variables if supplied a $auth
variable, or it retrieves them as needed in PmWikiAuth...


Now if this is all correct, Hg should be able to take a url and check
for group attributes pages, each step up the hierarchy--using the
first one it encounters.  Once that is determined it can be set by
$GroupAttributesFmt. Everything else should work as desired
($DefaultPasswords, $AuthCascade, etc)....

Wow, maybe this will be easy after all...  By jove I think I've solved it...

Decided to go ahead and post this for your reading pleasure, (actually
to see if anyone can verify/revise this information)...  I'll try the
solution suggested above later, when I'm a bit less tired, and see if
it doesn't in fact work.  If so--I should be finished with Hg!

Cheers,
Dan



More information about the pmwiki-users mailing list