[pmwiki-users] Groups and read/edit/write access

Petko Yotov 5ko at 5ko.fr
Fri Apr 24 12:32:47 PDT 2026 

Unless your user database has a column with the PmWiki user group, you 
may find it simpler to define and update the user groups in 
SiteAdmin.AuthUser instead of your own function.

Like:

   @admins: peter, yyyy at xxxxx.com

   @gr: petko, xxxx at xxxxx.com, staff at xxxxx.com

Your function will still authenticate if the user signed in correctly, 
and in this case AuthUser will set the user groups from the page.

Petko

-- 
If you upgrade :  https://www.pmwiki.org/Upgrades

On 24/04/2026 21:15, Petko Yotov wrote:
> On 24/04/2026 20:22, Peter van Es wrote:
>>     # success
>>     # set user groups: everyone logged in can read
>>     $authlist['@read'] = 1;
> ...
>>     # check role and functions
>>     $admins = ['Chairperson ICT', 'Administrative Secretary',
>> 'Ambtelijk Secretaris'];
>>     # admins are ICT and ASMD
>>     if (role_in($role, $admins)) {
>>         $authlist['@admin'] = 1;
>>     }
> 
> The user groups like @admins, @read, @gr are entirely up to you
> (except for @nopass and by convention @lock).
> 
> So in order for you to be admin, you need to have something like this:
> 
> $DefaultPasswords['admin'] = ['@admins'];
> 
> Here the first 'admin' are the name of the permission, the name
> 'admin' is not up to you. The list of usergroups in the brackets,
> their names are unrestricted, up to you.
> 
> To have the wiki read-protected, add a read password/permission:
> 
> $DefaultPasswords['read'] = ['id:*']; # anyone signed in
> or:
> $DefaultPasswords['read'] = ['@readers', '@guests']; # user groups
> 
> Similarly for $DefaultPasswords['edit'], 'upload', and if you enable
> Drafts, 'publish'.
> 
> 
>> This appears to work. Although I’m not entirely sure, as I added my
>> login username to the Site/AuthUser page as an admin:
>> @admins: xxxx at xxxxx.com  so that might override it…
> 
> It should merge the access permissions for the listed users.
> 
> BTW do you use email addresses as usernames? It should be okay, except
> that any user profile links in recent changes and in signatures may
> not work.
> 
> 
>> Then I tried to add to the page Group.Start access restrictions using
>> Group.GroupAttributes?action=attr and adding @gr to all of the access
>> control fields (read, edit, attr and upload).
> 
> Correct, in addition to $DefaultPasswords, you can use per-group or
> per-page permissions on
>   Group.GroupAttributes?action=attr
> 
> On that form, place the user groups in the fields, space separated.
> 
> 
>> After doing that, the group / page became completely inaccessible to
>> me (logged in, and should be at admin level).
> 
> After you submit the form at ?action=attr, you get logged out
> automatically. This is normal and expected, allows you to sign back in
> to test the new permissions.
> 
> If this annoys you, there is a variable to disable it, look it up.
> 
> 
>>  I tried to add
>>  $authlist['@gr'] = 1;
>> 
>> To my own authlist, but even that did not give me access. Where am I
>> misunderstanding the way this is meant to work?
> 
> If you are in a group which is attached to $DefaultPasswords['admin'],
> you can access all groups regardless of the group permissions. You
> don't need to be in both @admins and @gr, if you are in @admins, you
> can access all pages restricted to @gr.
> 
> Petko

More information about the pmwiki-users mailing list