[pmwiki-users] modifying wikish renaming pages/groups scripts to update links with spaces
Peter Bowers
pbowers at pobox.com
Fri Jul 27 17:52:43 CDT 2012
On Wed, Jul 25, 2012 at 12:32 AM, Alex Eftimiades
<alexeftimiades at gmail.com> wrote:
> if (CondAuth($pagename, "admin")) {
> slAddAuth($wshAuthPage, "*.*", "read,create,insert,overwrite,append,prepend,attr,delete");
> $EnableWikiShDeletePage = true;
> $EnableWikiShChmod = true;
...
> I tried modifying the CondAuth line with an "or $group=='WikiSh'" for
> starters, but that did not seem to make a difference. I am quite confused as
> to how to go about doing this.
You wouldn't want to give this much permission to anybody accessing
any page in the WikiSh group unless you have a very (!) trusted group
of editors. Some malicious person could, for instance, go to
WikiSh.ControlPanel and execute a command like "rm *.*", thus deleting
your entire wiki. Of course you could go in behind the scenes and
undelete them, but it would probably be a Very Bad Day... WikiSh is a
sharp tool which has the potential to cut the user if you're not very
careful...
However, as long as you make sure only very trusted individuals have
edit capability on the WikiSh.Rename page (like if it is locked to the
admin password) then you could give the permissions needed just when
someone was doing the (pre-approved, unchangeable) script on that
page:
> if (CondAuth($pagename, "admin") || (CondAuth($pagename, "edit") && $pagename == 'WikiSh.Rename')) {
(Note that if your $pagename has not been resolved yet then it could
look like WikiSh/Rename or something (note the slash instead of the
period), but resolving $pagename (ResolvePageName) sets some cache
values which should probably be done very close to the end of the
config.php. Note Petko's advice in
http://www.pmichaud.com/pipermail/pmwiki-devel/2009-April/001613.html.
It's documented somewhere else in more detail, but this is the link I
found first and it should suffice)
You've done a nice job of implementing the rename form. Feel free to
document your solution in the WikiShExamples if you like.
Do be aware that if someone has set a per-page or per-group password
somewhere such that the current user does not have edit permissions
then WikiSh will *not* do the text substitution to fix the links on
that page. WikiSh *always* honors pmwiki authorizations according to
the level of the current user. [1] I'm assuming in your case most
people are using a single edit password and so that doesn't cause
problems, but I just mention it to be clear...
-Peter
[1] You can override this, but it's been made difficult to do
intentionally because you should almost never do this.
More information about the pmwiki-users
mailing list