[pmwiki-users] UserAuth2 and WikiCalendar problem

IchBin weconsultants at gmail.com
Tue Jun 12 12:55:35 CDT 2007 

ThomasP wrote:
> On Tue, June 12, 2007 18:21, IchBin wrote:
>> Not to be missing anything I have this output _<below>_. I am not given
>> authorization.
>>
>> - When trying to update with the markup for formated message to a
>> calendar page:
>> UA2ErrorLog: 'Access to Calendar/20070612 at level edit NOT granted. '
>>
>>
>> - Be interesting to find out what is supposed to be uploaded every
>> screen refresh:
>> UA2ErrorLog: 'Warning: Someone asking for permission for unknown level
>> 'upload'. Refused.
>>
>>
>> - Wondering if this is a problem with the period or just displaying a
>> period at the end the sentence as part of the display message:
>> UA2ErrorLog: 'Loading perm record for WET. '
>>
>> - Is this wrong? I would figure this is a content page:
>> UA2ErrorLog: 'Calendar/20070612 is a content page: no '
>>
> 
> Thanks for the detailed error log - this is really useful.
> 
> The problem is definitely at least due to having a slash in the queried
> page name. The UA2 module is CleanUrls-blind, meaning that it will always
> expect "dotted" page names, like "Calendar.20070612". For this reason the
> first query (first item you listed above) is not granted, and also the
> page is falsely not recognized as content page.
> 
> The solution is to add the already mentioned str_repl('/', '.', $pagename)
> statement to the module, the trick is only to put it in the right place
> such that is encountered in any case. My approach was that since every
> engine call will enter at UserAuth2(), it is save to place it exactly
> there. As far as I can see now this is the only entry point right now, so
> it must work.
> 
> The "upload" puzzle is another issue. First that the query is issued does
> not necessarily mean that something should be uploaded - rather on parsing
> the page the engine might want to find out whether a certain upload link
> (see Site.PageActions) should be _displayed_ or not. The problem here is
> that for some reason the first call to the UA2 module takes place _before_
> the scripts/upload.php is loaded (where $HandleAuth['upload'] = 'upload'
> is set), and so the upload action is not yet known.
> 
> A solution here might be to just change the order of script inclusions. If
> this does not help, just have a
> 
> $HandleAuth['upload'] = 'upload';
> 
> before including userauth2.php and everything will be fine.
> 
> Thomas
> 
>> Here is what I captured and when:
>>
> _____________________________________________________________________________________________
>> LOAD OF PMWIKI TO FIRST PAGE:
>> _____________________________________________________________________________________________
>> UA2ErrorLog: 'Loading perm record for GuestUsers. '
>> UA2ErrorLog: 'Someone trying to access page Site.Login at level read. '
>> UA2ErrorLog: 'Site.Login is a content page: no '
>> UA2ErrorLog: 'Access to Site.Login at level read granted. '
>>
>>
> 
> This is ok.
> _____________________________________________________________________________________________
>> AFTER LOGIN WITH 'WET' ACCOUNT NAME:
>> _____________________________________________________________________________________________
>> UA2ErrorLog: 'Loading perm record for GuestUsers. '
>> UA2ErrorLog: 'Someone trying to access page Main.HomePage at level read. '
>> ...
>> UA2ErrorLog: 'CheckUserPerms user admin page Site.PageActions level
>> read... '
> 
> This is all ok.
> 
>> UA2ErrorLog: 'Warning: Someone asking for permission for unknown level
>> 'upload'. Refused. '
>>
>>
> 
> This does not work because of reason given above.
> 
> _____________________________________________________________________________________________
>> AFTER SELECTING THE CALENDAR LINK
>> _____________________________________________________________________________________________
>> UA2ErrorLog: 'Loading perm record for GuestUsers. '
>> UA2ErrorLog: 'Someone trying to access page Calendar.Calendar at level
>> read. '
>> UA2ErrorLog: 'Calendar.Calendar is a content page: yes '
>> UA2ErrorLog: 'CheckUserPerms user admin page Calendar.Calendar level
>> admin... '
>> UA2ErrorLog: 'Warning: Someone asking for permission for unknown level
>> 'upload'. Refused. '
>>
>>
> 
> Same.
> 
> _____________________________________________________________________________________________
>> AFTER SUBMITTING FORMATED MESSAGE:
>> _____________________________________________________________________________________________
>> UA2ErrorLog: 'Loading perm record for GuestUsers. '
>> UA2ErrorLog: 'Someone trying to access page Calendar/20070612 at level
>> edit. '
>> UA2ErrorLog: 'Calendar/20070612 is a content page: no '
>> UA2ErrorLog: 'CheckUserPerms user WET page Calendar/20070612 level edit...
>> '
>> UA2ErrorLog: 'Access to Calendar/20070612 at level edit NOT granted. '
>> UA2ErrorLog: 'CheckUserPerms user WET page Calendar/20070612 level
>> admin... '
>> UA2ErrorLog: 'CheckUserPerms user LoggedInUsers page Calendar/20070612
>> level admin... '
>> UA2ErrorLog: 'CheckUserPerms user admin page Calendar/20070612 level
>> admin... '
> 
> In short: slashs are bad. Therefore no pass.

Funny thing is that I do have the str_replace('/', '.', $pagename) as 
the first line of executable code for function UserAuth2(). Apparently 
that is not the correct place to do the normalization of the url.

function UserAuth($pagename, $level, $authprompt=true) {
   return UserAuth2($pagename, $level, $authprompt);
}

function UserAuth2($pagename, $level, $authprompt=true) {
   // If called with $authprompt==true, the function is expected
   // to produce either the specified page to the client or
   // print the login page. If called with $authprompt==false, the
   // caller just wants to know whether the current user has the
   // permission to access the specified page at the given level.
   // Still, the pmwiki engine demands the page being returned on
   // success, since it needs the time stamps and other fields.

   // Fix to normalize the page url to use '/' and not '.'
   str_replace('/', '.', $pagename);

-- 
Thanks in Advance...          http://weconsulting.org
IchBin, Philadelphia, Pa, USA http://ichbinquotations.weconsulting.org
______________________________________________________________________
'If there is one, Knowledge is the "Fountain of Youth"'
-William E. Taylor, Regular Guy (1952-)

More information about the pmwiki-users mailing list