[pmwiki-users] how to prevent access to the EditForm in a Forum
Hans
design5 at softflow.co.uk
Tue Oct 31 04:30:42 CST 2006
Tuesday, October 31, 2006, 10:07:58 AM, Florian wrote:
> this is exactly what i've already done. But i try to explain it again. Normal users with
> editrights can edit by entering a message in the commentbox (visible by a conditional). This
> works fine. The output of (:commentboxchrono:) is shown above the commentbox. If a user with
> editrights knows that he can modify the already posted messages by entering the normal EditForm
> by adding ?action=edit to the URL, this isn't a good thing. And
> someone who is familiar to PmWiki
> knows that if he has editrights he can edit a message by adding ?action=edit although there are
> no editlinks. Is it possible to limit the access to the EditForm only to admins? In my Forum no
> one except the admin should be able to modify existing
> messages,i.e. the EditForm shouldn't be
> available for normal user with editrights.
With a @user group defined in Site.AuthUser, and users loggin in,
you could use I think
(:if authid:)(:commentboxchrono:)(:if:)
which should only show the commentbox for someone who has logged in.
But logged-in does not mean automatic edit rights everywhere.
I have not checked this out though!
Failing this we probably need another layer of password attributes,
like comment:
read, comment, edit, attr, admin
I think this has been mentioned before, but i am not familiar with it.
Hans
More information about the pmwiki-users
mailing list