[pmwiki-users] how to prevent access to the EditForm in a Forum

Tegan Dowling tmdowling at gmail.com
Tue Oct 31 09:36:05 CST 2006


On 10/31/06, Patrick R. Michaud <pmichaud at pobox.com> wrote:
> On Tue, Oct 31, 2006 at 10:30:42AM +0000, Hans wrote:
> > Tuesday, October 31, 2006, 10:07:58 AM, Florian wrote:
> >
> > > This is exactly what I've already done. But I'll try to explain it again. Normal users with
> > > edit rights can edit by entering a message in the commentbox (visible by a conditional). This
> > > works fine. The output of (:commentboxchrono:) is shown above the commentbox. If a user with
> > > edit rights knows that he can modify the already posted messages by entering the normal EditForm
> > > by adding ?action=edit to the URL, this isn't a good thing.
> > [...]
> > Failing this we probably need another layer of password attributes,
> > like comment:
> > read, comment, edit, attr, admin
> > I think this has been mentioned before, but I am not familiar with it.
>
> Thus far I've been hoping to avoid another authorization level,
> if only because it seems to complicate things even further
> than they already are.  But I'm still working out the details.

I'm not sure of the wiki syntax for it, but I think there's an if
action= sort of thing?  So you can say something like

if action=edit then action=browse?

Whatever that should be, could you then do a compound conditional that
says something like (:if expr ! auth admin || action
edit:)action=browse

That kind of idea?



