[pmwiki-users] Groups and read/edit/write access

Petko Yotov 5ko at 5ko.fr
Fri Apr 24 12:15:13 PDT 2026


On 24/04/2026 20:22, Peter van Es wrote:
>     # success
>     # set user groups: everyone logged in can read
>     $authlist['@read'] = 1;
...
>     # check role and functions
>     $admins = ['Chairperson ICT', 'Administrative Secretary',
> 'Ambtelijk Secretaris'];
>     # admins are ICT and ASMD
>     if (role_in($role, $admins)) {
>         $authlist['@admin'] = 1;
>     }

The user groups like @admins, @read, @gr are entirely up to you (except 
for @nopass and by convention @lock).

So in order for you to be admin, you need to have something like this:

$DefaultPasswords['admin'] = ['@admins'];

Here the first 'admin' is the name of the permission; the name 'admin' 
is not up to you. The names of the user groups listed in the brackets 
are unrestricted, up to you.

To have the wiki read-protected, add a read password/permission:

$DefaultPasswords['read'] = ['id:*']; # anyone signed in
or:
$DefaultPasswords['read'] = ['@readers', '@guests']; # user groups

Similarly for $DefaultPasswords['edit'], 'upload', and if you enable 
Drafts, 'publish'.


> This appears to work. Although I’m not entirely sure, as I added my
> login username to the Site/AuthUser page as an admin:
> @admins: xxxx at xxxxx.com  so that might override it…

It should merge the access permissions for the listed users.

BTW do you use email addresses as usernames? It should be okay, except 
that any user profile links in recent changes and in signatures may not 
work.


> Then I tried to add to the page Group.Start access restrictions using
> Group.GroupAttributes?action=attr and adding @gr to all of the access
> control fields (read, edit, attr and upload).

Correct, in addition to $DefaultPasswords, you can use per-group or 
per-page permissions on
   Group.GroupAttributes?action=attr

On that form, place the user groups in the fields, space separated.


> After doing that, the group / page became completely inaccessible to
> me (logged in, and should be at admin level).

After you submit the form at ?action=attr, you get logged out 
automatically. This is normal and expected; it allows you to sign back 
in to test the new permissions.

If this annoys you, there is a variable to disable it; look it up.


>  I tried to add
>  $authlist['@gr'] = 1;
> 
> To my own authlist, but even that did not give me access. Where am I
> misunderstanding the way this is meant to work?

If you are in a group which is attached to $DefaultPasswords['admin'], 
you can access all groups regardless of the group permissions. You don't 
need to be in both @admins and @gr; if you are in @admins, you can 
access all pages restricted to @gr.

Petko

-- 
If you upgrade :  https://www.pmwiki.org/Upgrades
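
Added example, not part of the message above and not PmWiki's own authorization code: a simplified stand-alone PHP model of the rules the reply describes (the 'admin' permission passes everywhere, 'id:*' means anyone signed in, per-group fields hold space-separated user groups). The function names, user names and sample authlists are constructed for illustration, and treating a level with no entries as unprotected is an assumption of the model.

```php
<?php
// Added illustration: a simplified model of the rules in the message above,
// not PmWiki's own authorization code.

// True if one permission entry is satisfied by the signed-in user.
function entry_matches(string $entry, ?string $authId, array $authlist): bool {
    if ($entry === 'id:*') return $authId !== null;   // anyone signed in
    if ($entry !== '' && $entry[0] === '@')           // user group: names must match exactly
        return !empty($authlist[$entry]);
    return false;                                     // other entry types are not modelled
}

function any_match(array $entries, ?string $authId, array $authlist): bool {
    foreach ($entries as $e)
        if (entry_matches($e, $authId, $authlist)) return true;
    return false;
}

// $defaults  : like $DefaultPasswords (level => list of entries)
// $groupAttr : per-group fields from ?action=attr (level => space-separated string)
function can_access(string $level, array $defaults, array $groupAttr,
                    ?string $authId, array $authlist): bool {
    // Holders of the 'admin' permission pass regardless of group permissions.
    if (any_match($defaults['admin'] ?? [], $authId, $authlist)) return true;
    // Model assumption: a filled-in per-group field replaces the site default.
    $field = trim($groupAttr[$level] ?? '');
    $entries = $field !== '' ? preg_split('/\s+/', $field) : ($defaults[$level] ?? []);
    // Model assumption: a level with no entries is unprotected.
    return $entries === [] || any_match($entries, $authId, $authlist);
}

$defaults  = ['admin' => ['@admins'], 'read' => ['id:*']];
$groupAttr = ['read' => '@gr', 'edit' => '@gr'];      // constructed sample for one wiki group

$users = [                                            // constructed sample authlists
    'not signed in'            => [null,    []],
    'signed in, @read only'    => ['alice', ['@read' => 1]],
    'member of @gr'            => ['bob',   ['@read' => 1, '@gr' => 1]],
    'member of @admins'        => ['carol', ['@read' => 1, '@admins' => 1]],
    "'@admin', not '@admins'"  => ['dave',  ['@read' => 1, '@admin' => 1]],
];

foreach ($users as $label => [$id, $authlist]) {
    $group = can_access('read', $defaults, $groupAttr, $id, $authlist);
    $site  = can_access('read', $defaults, [], $id, $authlist);
    printf("%-26s restricted group: %-5s rest of wiki: %s\n",
           $label, $group ? 'yes' : 'no', $site ? 'yes' : 'no');
}
```

Run it with the PHP command-line interpreter. The last sample row shows that a user group only counts when its name matches the one listed for the permission character for character.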



