[pmwiki-users] password question

Patrick R. Michaud pmichaud at pobox.com
Tue Mar 28 09:56:46 CST 2006


On Tue, Mar 28, 2006 at 10:07:08AM -0500, Neil Herber wrote:
> At 2006-03-28  09:45 AM -0500, The Editor is rumored to have said:
> >Just wondering why you are opposed to using AuthUser.  
> 
> So the compromise we arrived at was to have 2 shared passwords. 

FWIW, I also (strongly) prefer shared passwords over AuthUser.  :-)

> Everything works fine until someone tries to edit a Site page, at 
> which point the prompt should be "you need an admin password".
> I thought about testing for the group and tuning the password prompt 
> based on that, but that seems a kludge, and it requires updating the 
> prompt logic if I decide to protect other pages.

This is what I would do.  It's the simplest solution.

> Much better would be some logic that says "you are trying to edit 
> this page, and I can see that you have already used the shared edit 
> password, so you must need a higher level password - like admin."

PmWiki doesn't think in terms of "higher level" passwords -- there
are just passwords that authorize actions.  

In the general case, just because someone has entered the site edit
password but is unable to edit the current page doesn't automatically
imply they need the admin password or a 'higher level' password.
Sometimes it just means the page has its own edit password that
overrides the site password.

If you're not wanting to code the group directly, then these are
the approaches I could see taking (both of which require additional
features from PmWiki):

* Add a pagename option to (:if auth:), so that one can test the ability
  to perform an action on another page.  Then we would have

    (:if [ ! auth edit && auth edit Main.HomePage ]:)
    Admin password required

* Get the {$Passwdedit} page variable working.  Then we could have

    (:if equal {$Passwdedit] @lock:)
    Admin password required

Pm





More information about the pmwiki-users mailing list