[pmwiki-users] ZAPauth & PmWiki

Patrick R. Michaud pmichaud at pobox.com
Mon Oct 16 14:06:05 CDT 2006


On Mon, Oct 16, 2006 at 02:10:29PM -0400, The Editor wrote:
> As Pm is catching up on emails, thought I would repost this one that
> has been perplexing me for awhile.
> 
> On 10/15/06, The Editor <editor at fast.st> wrote:
> > I'm trying to improve the permissions systems in ZAP a bit to make it
> > tie in better with PmWiki.  
> > ...
> > The question is, how do I access a given user's current auth level
> > within a recipe such that I could say something like,
> >
> > SDV($ZAPauth[email], "admin");
> > if( ~get users auth level~ == ZAPauth[email])  execute emailer()

It's wrong to think of users as having "auth levels", at least as
you imply it here.  

We can't ask a generic question such as "does the user have edit
permission".  We can only ask "does the user have permission to
edit page XYZ".  There's no such thing as general "read level",
"edit level", or "upload level" associated with a user -- one can 
only speak of those permissions in reference to a particular
page.

> > Also, on a related note, how does PmWiki avoid forged headers with an
> > upload form?  ...

What do you mean by "forged headers"?  Or, put another way, PmWiki 
doesn't rely on headers for authorization.

Pm




More information about the pmwiki-users mailing list