[pmwiki-devel] Seeking approach suggestions for roles and actions

[DaveG]

I'd like to implement a mechanism to define groups of users by role, and 
for each role to have one or more actions. I then need a mechanism to 
test to see if the logged in user has permissions for an action, based 
on the role they are assigned. This needs to tie to whether they have 
actual PmWiki privs as well.

A quick (very slightly simplified) sample:
  - David has the role Admin. Admins can perform actions 1,2,3.
  - Bert has the role Writer. Writers can perform actions 3,4,5.
  - Sally has both Admin and Writer roles, and thus can perform 1,2,3,4,5.

Sample test:
  - Does Bert have action 3 assigned?


The way I started to do this is with AuthUser (below), but it seems way 
too complicated. The particular implementation doesn't allow me to share 
actions across roles, but could be modified. It also means I need to use 
CondAuth -- which I'd prefer not to, as it seems to require some careful 
positioning in terms of other code, and other cookbooks.

It seems to me that I might be able to simply use AuthList somehow, and 
then test with:
   if ($AuthList['@'.$Auth_Array[$action]] > 0)  #where auth_array from 
example below


I'm sure someone has done this before. Any recommendations?


  ~ ~ David

#======================================
# Define users passwords
$AuthUser['daveg'] = crypt('david');
$AuthUser['bert'] = crypt('bert');
$AuthUser['sally'] = crypt('sally');

# Add users to the auth groups
$AuthUser['@Admin'] = array('david','sally');
$AuthUser['@Writer'] = array('bert','sally');

# Assign users/groups to the blogit security groups
$DefaultPasswords['Admin'] = array('@Admin');
$DefaultPasswords['Writer'] = array('@Writer');

#Now assign the actions to the roles
SDVA($Auth_Array, array(
    '1'=>'Admin',
    '2'=>'Admin',
    '3'=>'Writer',
    '4'=>'Writer',
    '5'=>'Writer'
));

Test with:
CondAuth($pagename, $Auth_Array[$action])