[pmwiki-users] parameters to a handler function
Petko Yotov
5ko at 5ko.fr
Tue Jul 5 01:49:51 CDT 2016
The second argument is the authorization level the user must have to
access your function, but you need to verify this yourself!
The argument will be passed to your function: it is taken from the
$HandleAuth array, or from the default arguments of the function. Your
function must call RetrieveAuthPage() if it requires a certain level of
authentication; that second argument can allow wiki admins to override
your default level of authentication, if they need to, and if you use
it. (If you decide they don't need to change the level, don't use that
argument.)
I invite you to review some simple core functions like HandleSource() or
HandleAttr() or HandlePostAttr() in pmwiki.php.
For example: by default ?action=source requires read permissions:
function HandleSource($pagename, $auth = 'read') {
# ...
$page = RetrieveAuthPage($pagename, $auth, true, READPAGE_CURRENT);
if (!$page) Abort("?cannot source $pagename");
#...
}
If an admin sets in config.php $HandleAuth['source'] = 'edit'; then
HandleSource() will be called with a second argument 'edit' not 'read'.
The key to your page is RetrieveAuthPage() which is documented here:
http://www.pmwiki.org/wiki/PmWiki/Functions#RetrieveAuthPage
Notably, if the user has no $auth permissions to access the page, the
login form will appear to allow her to type her password (if the third
argument is true, or is missing). If the third argument is false, and
the user has no permissions to $auth the page, the login form will not
appear and the $page variable will be false - so you can deal with it.
See also the note about READPAGE_CURRENT in the Functions page.
* If you don't modify the page AND don't need the page history, use
READPAGE_CURRENT, it is faster. Like HandleSource() or HandleAttr() do.
* If you do modify the page OR you need the history, you must not use
READPAGE_CURRENT or you'll lose all history. Like HandlePostAttr() does.
Hope that helps.
Petko
---
Change log : http://www.pmwiki.org/wiki/PmWiki/ChangeLog
Release notes : http://www.pmwiki.org/wiki/PmWiki/ReleaseNotes
If you upgrade : http://www.pmwiki.org/wiki/PmWiki/Upgrades
On 2016-07-05 01:35, Peter Kay wrote:
> There appear to be two parameters passed to a handler set up via
> $HandleActions['...']. The first is the $pagename. The second, which
> not
> everyone uses, is $auth. The CustomActions page doesn't make it
> totally
> clear what $auth is - is it the authorization level the user already
> has?
> Is it $HandleAuth['myaction']?
More information about the pmwiki-users
mailing list