[pmwiki-users] how to prevent access to the EditForm in a Forum

Hans design5 at softflow.co.uk
Tue Oct 31 03:51:38 CST 2006


Tuesday, October 31, 2006, 8:59:36 AM, Florian wrote:

> i've implemented Forumstyled and commentboxplus in order to create a Forum.
> This Forum is a group itself. Now i try to make this area secure. Well use a conditional to show
> the commentbox if a user is loggedin has the edit rights for the Forumarea. Using dynamic
> Pageactions the tab "edit" isn't available neither (only for
> admins). But since the users having
> edit-rights, they can open the Site.EditForm simply by adding
> ?action=edit. This is what i would
> like to prevent. How can this be made possible without setting a read-password on it?

I don't understand you quite.
You say logged-in users have edit permission?
so they see the commentbox, and can edit the page, even though the
edit etc action links are shown only to the admin.
This seems to be what should happen, since they have edit permission.

If you use authuser I think you can assign each user to a @user group,
and have a conditional markup checking against this:
(:if auth @user:)(:commentbox:)
But I have not tested this.


Hans





More information about the pmwiki-users mailing list