[pmwiki-users] hide links for certain groups

Randy Brown alongkiss at aprivatespot.com
Thu Mar 31 17:05:51 CDT 2011


If you are simply trying to hide a link that won't work anyway for a user, a conditional test is fine. But if your goal is security, you need to set the page's permissions appropriately.

If a page has read permission authorized for all, all users will be able to read it even if they don't see the link in your sidebar. For example, if UnauthorizedUser guesses the page name, or does a search for pages and it appears in the list, or looks at the All Recent Changes page and sees the link, he or she will find and read the page whose sidebar link you are hiding.

Similarly, if you make content on a page display only for authorized users via a conditional like (:if authgroup xxx:), users who have permission for action=source will be able to extract the lines you are trying to hide. To repeat: the only secure way to block read access to a page is through setting the page's read permission appropriately. 

Randy

On Mar 31, 2011, at 3:01 PM, Robert Matthews wrote:

> Yes, this is basically what I want to do... can you show me a line of
> code that I can insert into config.php to check which AD group a user
> belongs to?
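
The following local/config.php fragment is an added example, not part of the original post or of PmWiki's own documentation. It sets the hidden-link approach beside the permission-based one the message recommends; the group name @staff, the users alice and bob, and the Staff wiki group are hypothetical.

```php
<?php if (!defined('PmWiki')) exit();
# local/config.php (added example; @staff, alice, bob and the Staff
# wiki group are hypothetical names)

# Weak on its own: SideBar markup such as
#   (:if authgroup @staff:)* [[Staff/HomePage]](:ifend:)
# only removes the link from the rendered sidebar. The page stays
# readable by URL, search results and All Recent Changes unless its
# read permission is restricted as well.

# Authorization group definitions must come before authuser.php is included.
$AuthUser['@staff'] = array('alice', 'bob');
include_once("$FarmD/scripts/authuser.php");

# Site-wide default: any page without its own read setting requires a login.
$DefaultPasswords['read'] = 'id:*';

# Require edit rights for ?action=source, so text hidden by an (:if:)
# conditional cannot be extracted from the raw markup by someone who
# only has read access.
$HandleAuth['source'] = 'edit';

# The restriction for the protected pages themselves is a page attribute,
# not a config.php setting: open Staff.GroupAttributes?action=attr (or
# ?action=attr on a single page) and enter @staff in the read field.
```

To confirm the result, log out and request a protected page directly by name and again with ?action=source; both should return the login prompt rather than the page text.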



