[pmwiki-users] PageList Project

The Editor editor at fast.st
Sun Jan 21 04:46:11 CST 2007 

On 1/12/07, Patrick R. Michaud <pmichaud at pobox.com> wrote:
> On Thu, Jan 11, 2007 at 04:56:07PM -0500, The Editor wrote:
> > First, on the subscription/unsubscriptions page, I have a page list
> > used to check and see which mail lists a member is subscribed to, (the
> > page allows them to subscribe/unsubscribe at the click of a
> > button--and then is supposed to dynamically reflects those changes):
> >
> > Current Subscriptions:
> > (:pagelist {$Email} group=MailList name=-Template list=normal fmt=#title:)
> >
> > It works fine as long as they have read permission to the MailList
> > group, but when they don't it won't show any subscriptions.  The
> > reason is not because the pagelist is protected, but rather, I'm
> > guessing, because pagelist can't read the target pages to test for the
> > search criteria (their email address), all the lists fail.
>
> That's correct.  Read permission controls access to the information
> about a page -- both its contents and attributes -- so if a
> browser isn't authorized to read a page, it can't learn any details
> about it other than the name.
>
> Put slightly differently, many people would be unpleasantly
> surprised if {$Description}, {$LastModifiedBy}, {$:TextVar},
> etc. were available to people who don't have read permission on
> a page.
>
> > Any suggestions for making this work?
>
> In the general case, no.  I think you're after a finer-grained
> level of access control than I had ever contemplated for PmWiki.  :-)

For what it's worth, I was able to get this to work just fine by
creating my own conditional which checked the text var criteria
directly.  Solved the problem perfectly.

> > Second, I'm wanting to set up an email authentication system, but not
> > sure the best approach.
>
> When in doubt, follow a method that other systems use.
> For a newsletter system, I'd aim to do something similar to
> what mailing list managers such as mailman do.

I really didn't like mailman's approach and ended up using a rather
creative system that makes it easier for an individual to take care of
their subscriptions.  When they visit the newsletter mgmt site, it
asks them to simply enter an email address, and forwards them to an
authentication page.  There, they enter  simple passcode emailed them
(a random number) to verify ownership of the email.  Once verified,
they are forwarded to a subscriptions page which dynamically shows all
current subscriptions, and lets them add or drop subscriptions at the
click of a button.  Pass codes are only valid for 20 minutes and are
tied to specific emails. I think most users will find it much simpler
to use than mailman. Let me know if anyone sees any problems in this
setup.

Cheers,
Dan

More information about the pmwiki-users mailing list