[pmwiki-users] Re : Auth issue

Jean-Fabrice [gmail] jeanfabrice at gmail.com
Tue Aug 22 02:20:38 CDT 2006


>
> I will try on a fresh new installation to confirm the problem I get.
> Im' using AuthUser with .htpasswd. The problem also occurs if the
> editor user is declared in .htpasswd


I have just tested this setup on a fresh new 2.1.14 and I encountered the
same issue.
Extract from the config.php :
$AuthUser['adminuser'] = array('<encoded_password>','@administrator');
$AuthUser['editoruser'] = array('<encoded_password>','@editor');
$DefaultPasswords['read'] = 'id:*';
$DefaultPasswords['admin'] = '@administrator';
$DefaultPasswords['upload'] = array('@administrator','@editor');
$DefaultPasswords['edit'] = array('@administrator','@editor');
$DefaultPasswords['attr'] = $DefaultPasswords['admin'];
$AuthUser['htpasswd'] = 'local/.htpasswd';
include_once("$FarmD/scripts/authuser.php");

What I did is :
1) As editoruser, create /Test/Test page (fresh new group, fresh new page)
2) As adminuser, update /Test/Test attributes and set @_site_edit as read
password (instead of the site defined id:*)
3) Try to access /Test/Test as editoruser => read denied
4) Try to access /Test/Test as adminuser => read allowed
5) Try to edit /Test/Test as editoruser => edit allowed

Is this a bug or am I misunderstanding the @_site_edit shortcut ?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: /pipermail/pmwiki-users/attachments/20060822/1ba4265c/attachment.html 


More information about the pmwiki-users mailing list