[pmwiki-users] CondAuth ignores $HandleAuth: Bug?

Stirling Westrup sti at pooq.com
Sat Oct 6 16:50:36 CDT 2007


I've just tracked down a problem that I was having with a statement like:

  (:if auth upload {$PAGE}:)

I presume (and I could be wrong) that this is supposed to test if the user has
the authority to upload to page {$PAGE}. It turns out that auth calls
CondAuth, which (among other things) tests $AuthCascade, but it completely
ignores $HandleAuth. In my config.php, I have the lines:

  $DefaultPasswords['admin'] = '@admins';
  $DefaultPasswords['edit'] = '@editors';

  # Anyone with edit rights also has upload rights.
  $HandleAuth['upload'] = 'edit';

So, although the standard (:if auth upload:) is false, I can, in fact, do an
?action=upload, and it will work. I fixed it by redefining auth as follows:

  # redefine 'auth' so it cares about $HandleAuth
  $Conditions['auth'] = 'NoCache(CondAuth2($pagename, $condparm))';

  function CondAuth2($pagename, $condparm)
    { global $HandleAuth;

      @list($level, $pn) = explode(' ', $condparm, 2);
      $level = array_key_exists($level,$HandleAuth) ? $HandleAuth[$level] :
$level;
      $pn = ($pn > '') ? MakePageName($pagename, $pn) : $pagename;
      msg("lvl=$level, ha=$HandleAuth[$level], pn=$pn");
      return (boolean)RetrieveAuthPage($pn, $level, false, READPAGE_CURRENT);
    }

And now everything works as I expected. So, did I find and fix a bug, or did I
just mess things up in some subtle way that I don't yet understand?








More information about the pmwiki-users mailing list