[pmwiki-users] Limiting Group access via AuthUser groups

Petko Yotov 5ko at 5ko.fr
Thu Oct 31 15:57:20 CDT 2013

michael paulukonis writes:
> Is there a programmatic way to restrict group access?
> I'm setting up a wiki for others to maintain, who will be creating users and  
> Groups.
> Each Group should be restricted to one AuthUser group.
> Ideally, the AuthUser group would have the same name as the Group.
> This would mean that once a Group is created and users are added to the  
> AuthUser group, no further action would have to be taken by the  
> administrator.
> However, I haven't figured out how to set Group restrictions without using  
> {Group}.GroupAttributes?action=attr and manually setting the group.
> Would it be possible to do something like the following in local/config.php ?
> // exclude Groups like PmWiki, Main, etc.
> if ($Group != 'Site') {
>   $DefaultPasswords['read'] = array('@$Group', 'id:admin'); // restrict to  
> group and admin
> }

Something like this may appear to work but it may unexpectedly create read  
permissions, for example via (:include...:) or via Page(Text)Variables. A  
user in one Group may use (:include OtherGroup.MainPage:) and see the  
rendered HTML of that OtherGroup.

It is best to enter the user group in the GroupAttributes?action=attr page,  
or to programmatically create these pages.

See the recipe http://www.pmwiki.org/wiki/Cookbook/AutoGroupPages . You can  
insert inside that function something like:

  $group = FmtPageName('{$Group}', $pagename);
  $template = ReadPage('Templates.GroupAttributes');
  $template['passwdread'] = "@$group"; # or strtolower("@$group");
  $template['passwdedit'] = "@$group";
  $template['passwdattr'] = "@$group";
  WritePage("$group.GroupAttributes", $template);

See also http://www.pmwiki.org/wiki/PmWiki/EditVariables#AutoCreate which  
may potentially be of use.


More information about the pmwiki-users mailing list