[Pmwiki-users] Nested group permissions

Patrick R. Michaud pmichaud at sci.tamucc.edu
Wed Apr 30 10:43:10 CDT 2003

Also, just for clarification, currently PmWiki treats each group
as being in a separate HTTP realm for authentication purposes.  Thus, 
even if the user supplies a password for the NC17 group (realm), when he
goes to the PG13 group it will still prompt once for a password.  However,
in the PG13 group the NC17 and XXX passwors should work as well as the
PG13 ones.

I can make a modification to pmwiki.php to allow the site administrator
to decide what realm (if any) to issue with the authentication

Also, can you add $EnableDiag = 1 to your local.php, and then
send me the output resulting from adding "?action=diag" to one of
your PG13 urls (or send me a URL to use so that I can look it up
directly).  You probably don't want to post the output of ?action=diag
to the listserv.


On Wed, 30 Apr 2003, Crisses wrote:

> > That's it!  Let me know if you need any clarification on anything.
> Ok:  it does not work right now:
> For example: tried entering the NC17 edit password to read NC17, it asked
> for a password.  Put in NC17 edit password to edit an NC17 page, it worked,
> but I could not edit PG13, could not read NC17 (both asked for a password).
> I entered the read PG13 password to read PG13, it worked.  Checked GRating
> read access and this worked (this puzzled me, given everything else, maybe I
> erred in encrypting a password?, so I'll check that). Then I tried XXX read
> password to read XXX, it worked, then I tried to view a NC17 page, it asked
> for a password.  I went back to try to read Grating, which just worked, and
> it asked for a password, so it forgot that I just had access.
> So something's not quite right.  Edit passwords are not granting read
> access, or lower-level edit access.  Read passwords at upper levels are not
> granting read access at lower levels (with the strange possible exception of
> PG13 read having granted GRating read?).  I tested several times by
> reloading a browser and using another browser (just so it would reset my
> passwords), and had the same problems.  I went through and 'cleared' the
> group passwords from the webbrowser using the admin password, also, in case
> that was interfering.
> This is what I put in the local.php file:
> $DefaultPasswords['attr'] = '*'; # negates per-page passwords
> ## The following code is added by Crisses to create nested pswds
> ## Code supplied by PMichaud
>     $grouplevels = array('GRating'=>1, 'PG13'=>2, 'NC17'=>3, 'XXX'=>4);
>     $pwread['GRating'] = ('encryptedpassword');
>     $pwedit['GRating'] = ('encryptedpassword');
>     $pwread['PG13'] = ('encryptedpassword');
>     $pwedit['PG13'] = ('encryptedpassword');
>     $pwread['NC17'] = ('encryptedpassword');
>     $pwedit['NC17'] = ('encryptedpassword');
>     $pwread['XXX'] = ('encryptedpassword');
>     $pwedit['XXX'] = ('encryptedpassword');
> ## Note that each of the $pw entries can be arrays if you want to
> ## distribute some multiple passwords.  Then, figure out what group
> ## we're in, and get the level for the current group:
>     $group = FmtPageName('$Group',$pagename);
>     $thislevel = $grouplevels[$group];
> ## Set up the $DefaultPasswords entries depending on
> ## the current group.  Basically, passwords in groups with equal or
> ## higher levels than the current one are added to the arrays:
>     foreach ($grouplevels as $g=>$v) {
>       if ($v>=$thislevel) {
>         $DefaultPasswords['read'] =
>           array_merge($DefaultPasswords['read'],$pwread[$g]);
>         $DefaultPasswords['edit'] =
>           array_merge($DefaultPasswords['edit'],$pwedit[$g]);
>       }
>     }
> ## allow all of the edit passwords to be accepted for read
> ## actions:
>     $DefaultPasswords['read'] =
>       array_merge($DefaultPasswords['read'],$DefaultPasswords['edit']);
> Thanks so much :)
> Crisses

More information about the pmwiki-users mailing list