[pmwiki-users] New AuthUser Functionality

Christopher Dant cdant at virsa.com
Fri Nov 25 11:36:38 CST 2005 

> This is coming via AuthList/AuthTable; see 
> http://www.pmwiki.org/wiki/Test/AuthList for an example.  
> I'm still working out the formatting for this report.

Looks good! A couple of suggestions:
- each permission indication (page, group) a hyperlink to the attr for
that page
- (or a link to a list of users with that permission on the page)
- page list is a link to list of users with access to that page, not the
page itself
- option to display only pages / groups with set permissions

> The authorization system is so complex already that I'm hesitant to
> add yet another dimension to it.  (This isn't a "no", it's
> just a "we really need to clean up other things first".)

Understood!

> The way these are described (especially the last one) 
> somewhat assumes 
> that we have a list of users somewhere.  Since authuser allows 
> authentication against external databases and authentication systems, 
> that could be sort of tricky, and if the authentication database has 
> several thousand users, we probably don't want the complete list.

Again, I understand but on this I worry. Perhaps we don't need all
users, just those users with explicitly set permissions. This could be
gleaned from the wiki, not the potentially external auth system.

> More likely is to simply scan a set of pages and report any users
> explicitly listed in those pages.

Ah, this works. Although it would be expensive we could get a list of
users from that scan. I just want to see a second list sorted by users,
not just pages.

> I'm not seeing the group (or page) in each of the above.  Plus,
> this is somewhat backwards in that a user could have multiple
> permission levels (e.g., "read,upload").  Also we'd want to 
> list authorization groups somehow ("@editors"), and I'm not 
> quite sure how to do that.

I only showed Groups, since that has seemed to me to be the most
effective way of managing permissions on my intranet site, and I only
showed one permission. A table would be a better approach. A better
example might be:



A. Group / Page  / User

Site
    id:*    read
    admin   admin edit read
Protected
    admin    admin edit read
    bert     read
    ernie    read
    sally    edit	read
Protected.SuperSecret
    admin    admin edit read
    sally    edit	read



B. User / Group / Page

In CSV terms (although a table is better on the site) how about [id,
group.page, "permissions list"]:

id:*, Site, "read
admin, Site, "admin edit read"
admin, Protected, "admin edit read"
admin, Protected.SuperSecret, "admin edit read"
bert, Protected, "read"
ernie, Protected, "read"
sally, Protected, "edit read"
sally, Protected.SuperSecret, "edit read"

More information about the pmwiki-users mailing list