[pmwiki-users] How to protect an action ?
Jean DEMARTINI
jean.d.demartini at wanadoo.fr
Wed Jan 18 01:19:36 CST 2006
H. Fox a écrit :
>On 1/17/06, Roman <romat2 at gmail.com> wrote:
>
>
>>I protect it this way (in config.php):
>>
>>if ($action=='diff') $action='browse';
>>
>>(and similarily for other protected actions
>>
The original request was to password-protect an history page and not to
deny it. Well, I use PmWiki as a learning plateform and history-page is
a measure of the activity of my students. Then I prefer to be alone to
consult the history-pages.
Then given to the history-pages the same rights as an editable page
seems to be a good solution.
>Are you sure you caught them all? One way to be sure is to deny any
>actions you don't explicitly allow.
>
> $page = RetrieveAuthPage($pagename, 'read', false, READPAGE_CURRENT);
> if (! $page['=auth']['edit']) {
> ## Allow only essential site-related actions.
> $Actions_allowed =
> array('browse','print','search','edit','login', 'rss', 'atom');
> if (! in_array($action, $Actions_allowed)) { $action='browse'; }
> }
>
>You can also do
>
> (:if auth edit:)
> [...the history link...]
> (:if)
>
>so there won't be a tempting (broken) History link to follow.
>
>Hagan
>
>
Thanks for all these helps.
JDem
More information about the pmwiki-users
mailing list