[Pmwiki-users] User based security?

Steven Leite steven_leite
Mon Feb 23 21:24:47 CST 2004


Re:  Authenticatino Scheme

I'd like to see a db of some sort which contains a list of users with
special access permissions.  Users with special access permissions would be
granted edit access to .Groups or .Pages or .Group.Pages.

I'd like to see it done in PHP instead of Apache because then it's only
useful to those people using Apache.

I'd like to see an Auth. Scheme that gives special edit / admin functions to
specific users.  Pages would not be set with passwords.  Page security would
be based on user level (anyone, editors, admins).

So if a page has Edit=Admins, then the current user will be denied access,
unless he/she is in the db, AND they have access to that .Group, or .Page.

To go a step further, how difficult would it be to give pages access control
such as:  (anyone, editors, admins, or specific users).  So for example,
only "Pm" would have "edit" access to edit the Profiles.Pm page, but "view"
access would be for "anyone".

PHP has athentication and sessions .. I'm not sure what that eludes to, but
I'm thinking a PHP solution would be a more universal solution, and it makes
more sense since pmwiki is written in php anyways.

Lastly, I think it should definately be an add-on, not incorporated - it
just goes against the wiki nature :-)

Just my thoughts,

--S


----- Original Message ----- 
From: "Patrick R. Michaud" <pmichaud at pobox.com>
To: "J. Perkins" <jason at sim8.com>
Cc: "pmwiki-users-L" <pmwiki-users at pmichaud.com>
Sent: Monday, February 23, 2004 5:23 PM
Subject: Re: [Pmwiki-users] User based security?


> On Mon, Feb 23, 2004 at 12:54:46PM -0500, J. Perkins wrote:
> > I had been working on a "user security" addon for 0.5.x, but abandoned
> > it when the author-tracking stuff was added to 0.6. I would like to have
> > a way to control access to the wiki on a user level, rather than having
> > "site", "group", and "page" passwords. In my case, the people being
> > allowed access changes rather frequently, and some users are
> > understandably annoyed when they have to remember a new set of
passwords.
> >
> > Anyway, before I start trying to do this myself, are there any plans to
> > make such a system part of the official distribution?
>
> I've been planning on writing a cookbook module or optional scripts module
> that would use Apache's built-in user authentication methods (i.e., via
> .htaccess files) as a substitute for PmWiki's current authentication
> scheme.  This would be used for access control and for identification
> (authorship).  Would that be enough?
>
> Initially, access control levels would probably be specified in
> arrays; i.e., something like:
>
> $HTAccess['read'] = ''; # anyone can read
> $HTAccess['edit'] = 'valid-user'; # anyone with a valid password can edit
> $HTAccess['upload'] =                   # frankr, harryt, and abel can
upload
>   array('frankr', 'harryt', 'abel');
> $HTAccess['attr'] = 'harryt';           # only harryt can change passwords
> $HTAccess['admin'] = 'gwash';           # gwash has admin access
>
> although I'm not sure if it will be possible to allow anonymous read
access
> when using .htaccess authentication.  Of course, more complex access
control
> list mechanisms could easily be built on top of this simplistic one.
>
> We could also see about combining the authentication mechanisms; i.e.,
> have a username+password scheme combined with the current page/group
> passwords.
>
> It may also be possible to code up a user-authentication scheme based
> on the pages stored in the Profiles/ directory, but I haven't thought
> about it that much yet.  If that would be preferred over .htaccess
> authentication I can work on that (in my "spare time" :-).
>
> Pm




More information about the pmwiki-users mailing list