[pmwiki-users] self-registering for notification emails
H. Fox
haganfox at users.sourceforge.net
Mon Jun 5 13:47:40 CDT 2006
On 6/5/06, Patrick R. Michaud <pmichaud at pobox.com> wrote:
> Another option is require edit permission for both source and diff:
>
> $HandleAuth['source'] = 'edit';
> $HandleAuth['diff'] = 'edit';
Another possibility is to deny all actions that aren't explicitly
allowed for non-authors.
## Allow only essential site-related actions for non-authors.
$pagename = ResolvePageName($pagename);
$page = RetrieveAuthPage($pagename, 'read', false, READPAGE_CURRENT);
if (! @$page['=auth']['edit']) {
$Actions_allowed =
array('browse', 'print', 'search', 'edit', 'login', 'rss', 'atom');
if (! in_array($action, $Actions_allowed)) { $action='browse'; }
}
This is what the cmsb-cmsmode.php script (part of the CMSBundle
recipe) does. If there's a better way (code-wise) to do this [1], I'd
like to know about it.
Hagan
[1] Here's the actual code in cmsb-cmsmode.php right now:
SDV($CMSAllowedActions, // Actions allowed for non-authors
array('browse', 'print', 'search', 'edit', 'login', 'rss', 'atom',
'addlink'));
$page = RetrieveAuthPage($pagename, 'read', false, READPAGE_CURRENT);
if (! @$page['=auth']['edit']) {
if (! in_array($action, $CMSAllowedActions)) { $action='browse'; }
}
More information about the pmwiki-users
mailing list