[pmwiki-users] authuser password denial

Neil Herber nospam at eton.ca
Tue Apr 18 13:47:05 CDT 2006


At 2006-04-18  09:46 AM -0500, Patrick R. Michaud is rumored to have said:
>I know that denials *do* work if specified as a password,
>thus setting a password to  "id:*,-Fred"  or  "@groupx id:-Fred"
>will authorize anyone but Fred.  But I'm not sure if it
>works in the @group syntax in Site.AuthUser -- I might have
>to look at it more closely to be sure.

I take it from this that to deny Fred access to Groupx, I need to set 
the Groupx.GroupAttributes read password 
to  "id:*,-Fred"  or  "@groupx id:-Fred". And for the second one to 
work SiteAuthUser needs to have "@Groupx: *" set.

That is probably a workable solution in my current state, since the 
number denied is smallest. It would be useful to have it work on the 
Site.AuthUser page, because then I can see all of the permissions at 
a glance and don't get stung by hidden attributes.


Neil Herber
Corporate info at http://www.eton.ca/ 





More information about the pmwiki-users mailing list