[Pmwiki-users] User based security?

Patrick R. Michaud pmichaud
Mon Feb 23 18:24:04 CST 2004


On Mon, Feb 23, 2004 at 12:54:46PM -0500, J. Perkins wrote:
> I had been working on a "user security" addon for 0.5.x, but abandoned 
> it when the author-tracking stuff was added to 0.6. I would like to have 
> a way to control access to the wiki on a user level, rather than having 
> "site", "group", and "page" passwords. In my case, the people being 
> allowed access changes rather frequently, and some users are 
> understandably annoyed when they have to remember a new set of passwords.
> 
> Anyway, before I start trying to do this myself, are there any plans to 
> make such a system part of the official distribution? 

I've been planning on writing a cookbook module or optional scripts module
that would use Apache's built-in user authentication methods (i.e., via
.htaccess files) as a substitute for PmWiki's current authentication
scheme.  This would be used for access control and for identification
(authorship).  Would that be enough?

Initially, access control levels would probably be specified in
arrays; i.e., something like:

$HTAccess['read']   = '';             # anyone can read
$HTAccess['edit']   = 'valid-user';   # anyone with a valid password can edit
$HTAccess['upload'] =                 # frankr, harryt, and abel can upload
  array('frankr', 'harryt', 'abel');
$HTAccess['attr']   = 'harryt';       # only harryt can change passwords
$HTAccess['admin']  = 'gwash';        # gwash has admin access

although I'm not sure if it will be possible to allow anonymous read access
when using .htaccess authentication.  Of course, more complex access control
list mechanisms could easily be built on top of this simplistic one.

We could also see about combining the authentication mechanisms; i.e.,
have a username+password scheme combined with the current page/group
passwords.

It may also be possible to code up a user-authentication scheme based
on the pages stored in the Profiles/ directory, but I haven't thought 
about it that much yet.  If that would be preferred over .htaccess 
authentication I can work on that (in my "spare time" :-).

Pm
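
An added example (not part of the original message and not PmWiki code): one way the proposed $HTAccess array could be evaluated against the username Apache supplies after .htaccess authentication. The function name ht_allowed(), the deny-by-default handling of unlisted levels, and the sample requests are assumptions made for this illustration.

```php
<?php
// Hypothetical evaluator for the $HTAccess array proposed in the message.
// Not PmWiki code; ht_allowed() is a name invented for this example.

$HTAccess['read']   = '';                 // anyone can read
$HTAccess['edit']   = 'valid-user';       // any authenticated user can edit
$HTAccess['upload'] = array('frankr', 'harryt', 'abel');
$HTAccess['attr']   = 'harryt';
$HTAccess['admin']  = 'gwash';

/**
 * Return true if $user may perform $level.
 * $user is the Apache-authenticated name (REMOTE_USER), or null if the
 * request was not authenticated.
 */
function ht_allowed(array $acl, string $level, ?string $user): bool
{
    // Assumption: a level missing from the array is denied, so a typo
    // in a level name fails closed instead of granting access.
    if (!array_key_exists($level, $acl)) {
        return false;
    }
    $rule = $acl[$level];
    if ($rule === '') {
        return true;                      // explicitly open to everyone
    }
    if ($user === null || $user === '') {
        return false;                     // every other rule needs a login
    }
    if ($rule === 'valid-user') {
        return true;                      // any authenticated name passes
    }
    // Strict comparison avoids PHP type juggling between user names.
    return in_array($user, (array) $rule, true);
}

// Constructed sample requests: (level, REMOTE_USER value or null).
$samples = array(
    array('read', null), array('edit', null), array('edit', 'abel'),
    array('upload', 'abel'), array('upload', 'gwash'),
    array('attr', 'harryt'), array('admin', 'harryt'), array('delete', 'gwash'),
);
foreach ($samples as list($level, $user)) {
    printf("%-7s %-8s %s\n", $level, $user ?? '(anon)',
           ht_allowed($HTAccess, $level, $user) ? 'allow' : 'deny');
}
```

In a deployment the user argument would come from $_SERVER['REMOTE_USER'], which Apache sets only for requests that passed authentication. A directory-wide "Require valid-user" rejects anonymous requests before PHP runs, which is the anonymous-read limitation the message mentions.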


