[Pmwiki-users] inching slowly towards user-based authorization

Patrick R. Michaud pmichaud
Wed Jun 16 14:46:29 CDT 2004


On Wed, Jun 16, 2004 at 03:31:45PM -0400, Bob Dively wrote:
> Patrick R. Michaud <pmichaud at pobox.com> wrote:
> 
> Another thing to consider is making some info from the authentication
> process available for processing later. I'm thinking specifically of a
> user's name (as opposed to a user's id) for use in the Author box on the
> action=edit page. Is that something that could be done via
> InlineReplacements or whatever its 2.0 equivalent is? I'm guessing that
> this is going to be Cookbook material, but I thought I'd mention it anyway.

This is already possible -- any routine (i.e., an authentication process)
can change the value of the $Author variable, and this is what is used in
the Author box on the action=edit page.  As an added bonus, one can
redefine $PageEditFmt to not include the Author box, in which case
the author name always comes from the setting of $Author.

> Questions: why "author:"? Isn't the string "twinkie author:alice,bob"
> already attached to the edit password and if so why not just "users:"?
> Also, if some sort of parent/child relationship between pages is developed,
> will the child inherit the parents security attributes?

I'm on a minor personal crusade against overuse of the word "user",
too many times I see people use the word "user" to describe entities
when words such as "author", "administrator", "editor", "process",
"client", etc. would be much more appropriate and clear.  I've even seen
lots of cases where the word "user" was used in the same paragraph to
refer to three or more different people/entities.  :-)

But in this case I could live with "user:alice,bob" just as easily as
"author:alice,bob".  OTOH, I think that "author:editors" for a group
of editors reads much better than "user:editors".

Pm



More information about the pmwiki-users mailing list