[pmwiki-users] AuthUser

Peter Bowers pbowers at pobox.com
Tue May 3 16:04:48 CDT 2011


On Tue, May 3, 2011 at 9:49 PM, Sandy <sandy at onebit.ca> wrote:
> Here's something that looks vaguely like Peter's method. Is it still valid,
> or should the docs be changed?
>
> From http://www.pmwiki.org/wiki/PmWiki/Passwords:
> --How can I create private groups for users, so that each user can edit
> pages in their group, but no one else (other than the admin) can?
> --Administrators can use the AuthUser recipe and add the following few lines
> to their local/config.php file to set this up:
>    $group = FmtPageName('$Group', $pagename);
>    $DefaultPasswords['edit'] = 'id:'.$group;
>    include_once("$FarmD/scripts/authuser.php");
> --This automatically gives edit rights to a group to every user who has

I've never messed around with $HandleAuth or cascading, etc., so I'm
not coming up with a clear situation where this would cause problems.
But I am pretty certain that if you are using forms processors which
rely on pmwiki authorizations this could cause the same type of
problem.  Basically you would be in GroupX for which you had edit
permissions, but perhaps your form would be writing to another page in
GroupY for which you should NOT have edit permissions, but because of
this config setup you actually would have edit permissions.

I would line up on the side of saying let's change the docs, but I'm
not positive enough to say that definitively...

-Peter
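
Added example, not part of the original message and not PmWiki code: a simplified PHP model of the concern described above, in which the default edit password is computed from the requested page and then consulted for a different target page. All function names and the scenario are hypothetical, and the fallback to the request-wide default for a page with no password of its own is an assumption of the model.

```php
<?php
// Simplified model, not PmWiki code: all function names here are hypothetical.

// Group part of a "Group.Page" name.
function groupOf(string $pagename): string {
    return explode('.', $pagename, 2)[0];
}

// Models the config.php lines quoted above: the default edit password is
// computed once per request, from the page being REQUESTED.
function requestDefaults(string $requestedPage): array {
    return ['edit' => 'id:' . groupOf($requestedPage)];
}

// Models an authorization check that falls back to the request-wide default
// when the target page has no edit password of its own (assumption).
function canEditWithDefault(string $authId, string $targetPage,
                            array $defaults, array $pagePasswords): bool {
    $required = $pagePasswords[$targetPage] ?? $defaults['edit'];
    return $required === 'id:' . $authId;
}

// Stricter variant: the required id is derived from the page being WRITTEN.
function canEditByTarget(string $authId, string $targetPage): bool {
    return groupOf($targetPage) === $authId;
}

// Constructed scenario: user "GroupX" submits a form on GroupX.Form whose
// processor writes to GroupY.Data.
$user      = 'GroupX';
$requested = 'GroupX.Form';
$target    = 'GroupY.Data';
$defaults  = requestDefaults($requested);

foreach ([$requested, $target] as $page) {
    printf("%-12s default-based: %-5s target-based: %s\n", $page,
        var_export(canEditWithDefault($user, $page, $defaults, []), true),
        var_export(canEditByTarget($user, $page), true));
}
```

In this model the two checks agree for the requested page and differ only for the cross-group write, which is the case worth testing on a real installation before relying on the documented snippet.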


