[pmwiki-users] How to test permissions for target of link?

Peter Bowers pbowers at pobox.com
Tue Oct 11 06:25:53 CDT 2011


On Tue, Oct 11, 2011 at 12:02 AM, Lars Eighner <surname at larseighner.com> wrote:
> I want to use PmWiki for genealogy. I want pages pertaining to persons to be
> named according to the person's name.  I want pages pertaining to historic
> (i.e. deceased and presumed deceased) persons and consenting adults to be
> publically readable.  But I want to conceal the identities of living adults
> who have not given me permission and living children so they appear only to
> family members who have read permissions.

I note that with these particular specifications you still have a
security/privacy "leak".  Since you want security to be based on the
*target*, someone could have edit or source privilege on the
*originating* page and (since pages are named according to the
person's name) they would still be able to see it.  If you eliminate
source privileges and are OK with "edit" permission on the originating
permission implying that they can view the names then you are OK.

If you want to keep to a strictly target-based security mechanism (as
you've described above) then you will have to change to some other
naming convention such as numeric or etc. with the *title* of the page
being the person's name.  While this sounds complicated, a simple form
could easily accomplish this and at the same time could standardize
the type of information you are collecting (putting
birthdates/locations into PTVs, etc.).

In other words, your page name would be 000001 but the title would be
"(:title Sam Smith:)".  If your page name is "MyGroup.SamSmith" then
an editor of this page will still see [[Sam Smith]] when he edits the
page, even if he doesn't have read permission on Sam's page.

Again, if edit permissions on the current page imply read permissions
on links then this is all a moot point.  But I would still be very
tempted to go with a form-based system for creating new pages (it will
both standardize the input and also deal with the possible difficulty
of having multiple names in the family that are the same).

-Peter



More information about the pmwiki-users mailing list