page deletion password (was: Re: [Pmwiki-users] Creating Groups)
Neil Herber
nospam
Wed Jan 19 21:10:40 CST 2005
At 2005-01-19 07:29 PM -0800, Menachem Shapiro is rumored to have said:
>Is there any way to stop users from being able to delete the page (but
>still let admins delete a page if they need to)?
>
>I could probably accomplish some kind of control by changing
>$DeleteKeyPattern
>(http://pmwiki.org/wiki/PmWiki/EditVariables#DeleteKeyPattern) to
>something strange that only I would know, but security by obscurity
>never appealed to me.
>
>Is there a way to limit the ability to delete pages?
If you put an edit password on the page, only password holders can delete it.
Even if someone does delete a page, PmWiki does not actually throw it away.
It renames the page to something like "Main.GroupHeader,1106016119" where
the trailing digits are a timestamp (the number of seconds since
Jan 1 1970 00:00 UTC). Anyone with access to the wiki.d/ directory can
restore the page by simply removing the comma and trailing digits from the
file name.
Note that this does not address the problem of other authors having
recreated the page while the original was "deleted". You will then be faced
with deciding what content should survive.
Personally, I would prefer to have page deletion as an action like edit or
history with the possibility of a deletion password. The end result should
be the same (renamed page), but the invocation would be more obvious and
controllable.
Neil
Neil Herber
Corporate info at http://www.eton.ca/
Eton Systems, 15 Pinepoint Drive, Nepean, ON, Canada K2H 6B1
Tel: (613) 829-4668
More information about the pmwiki-users
mailing list