[pmwiki-devel] check authorization requirements for a given page
DaveG
pmwiki at solidgone.com
Thu Oct 1 14:52:21 CDT 2009
I had a similar need recently. Here's what I came up with...
On 10/1/2009 2:08 PM, Frank Schweickert wrote:
> How can I check (with php) the authentication requirements for an action
> at a *given page*?
You'd need to create a data structure, or code, that associates actions
with user-groups. And then test for this condition.
> - not the authorization level of the *current user* like with function
> CondAuth)
>
> I would like to allow the use of sensitive features like<script> or
> <embed> only on
> pages that require @editors or admin (and enable captchas for editing on
> all other pages)
So from config.php (or a group config) you would only define the markup
for <script> or <embed> if the user belonged to the editor group. So the
question is how to test whether a user is in a group. Well is you're
using AuthUser you can do:
if ($AuthList['@editors'] > 0)
If you're not using AuthUser then it's trickier, since PmWiki security
is based around read/edit/admin access to pages, not actions/user-groups.
~ ~ David
More information about the pmwiki-devel
mailing list