[pmwiki-users] CondAuth inside of config.php after include authuser, returns ok when read password GroupAttributes enabled.

Chris Cox ccox at endlessnow.com
Thu May 21 17:31:22 CDT 2009


I'm seeing an interesting problem.  In my config.php
I have:
$DefaultPasswords['admin'] = array(crypt('secret'),'@sysadmin');
$DefaultPasswords['attr'] = '@sysadmin';
$DefaultPasswords['edit'] = 'id:*';
$DefaultPasswords['upload'] = '';
$DefaultPasswords['browse'] = '';
$HandleAuth['upload'] = 'edit';
$HandleAuth['diff'] = 'edit';
$HandleAuth['source'] = crypt('secret');

include_once("$FarmD/scripts/authuser.php");

if (CondAuth($pagename,$action)) {
        $ok='ok';
} else {
        $ok='not ok';
}


The problem is that when I go to a page where read is protected
via GroupAttributes for group called Mine, I get thrown to the login 
dialog (correct), but I also get an 'ok' above for the page.  Shouldn't 
I get a 'not ok' instead??  I'm confused.

Seems to work if I try to edit a page where I don't have
permissions.  Is this because there is a difference between
authuser and just plain old page password protection??  Notice
that edit needs id:* auth perms by default.  On that 
Mine/GroupAttributes page I have:

read: id:*
edit: id:* (set by site)
attr: @sysadmin (set by site)
upload:    (using read password)

I get 'ok' even when I haven't logged in, though I do get the
login prompt.  It's just that CondAuth isn't giving me what
I expected.

Thanks for any help on this,
Chris





More information about the pmwiki-users mailing list