[pmwiki-users] UserAuth2 and WikiCalendar problem
IchBin
weconsultants at gmail.com
Tue Jun 12 12:55:35 CDT 2007
ThomasP wrote:
> On Tue, June 12, 2007 18:21, IchBin wrote:
>> Not to be missing anything I have this output _<below>_. I am not given
>> authorization.
>>
>> - When trying to update with the markup for formated message to a
>> calendar page:
>> UA2ErrorLog: 'Access to Calendar/20070612 at level edit NOT granted. '
>>
>>
>> - Be interesting to find out what is supposed to be uploaded every
>> screen refresh:
>> UA2ErrorLog: 'Warning: Someone asking for permission for unknown level
>> 'upload'. Refused.
>>
>>
>> - Wondering if this is a problem with the period or just displaying a
>> period at the end the sentence as part of the display message:
>> UA2ErrorLog: 'Loading perm record for WET. '
>>
>> - Is this wrong? I would figure this is a content page:
>> UA2ErrorLog: 'Calendar/20070612 is a content page: no '
>>
>
> Thanks for the detailed error log - this is really useful.
>
> The problem is definitely at least due to having a slash in the queried
> page name. The UA2 module is CleanUrls-blind, meaning that it will always
> expect "dotted" page names, like "Calendar.20070612". For this reason the
> first query (first item you listed above) is not granted, and also the
> page is falsely not recognized as content page.
>
> The solution is to add the already mentioned str_repl('/', '.', $pagename)
> statement to the module, the trick is only to put it in the right place
> such that is encountered in any case. My approach was that since every
> engine call will enter at UserAuth2(), it is save to place it exactly
> there. As far as I can see now this is the only entry point right now, so
> it must work.
>
> The "upload" puzzle is another issue. First that the query is issued does
> not necessarily mean that something should be uploaded - rather on parsing
> the page the engine might want to find out whether a certain upload link
> (see Site.PageActions) should be _displayed_ or not. The problem here is
> that for some reason the first call to the UA2 module takes place _before_
> the scripts/upload.php is loaded (where $HandleAuth['upload'] = 'upload'
> is set), and so the upload action is not yet known.
>
> A solution here might be to just change the order of script inclusions. If
> this does not help, just have a
>
> $HandleAuth['upload'] = 'upload';
>
> before including userauth2.php and everything will be fine.
>
> Thomas
>
>> Here is what I captured and when:
>>
> _____________________________________________________________________________________________
>> LOAD OF PMWIKI TO FIRST PAGE:
>> _____________________________________________________________________________________________
>> UA2ErrorLog: 'Loading perm record for GuestUsers. '
>> UA2ErrorLog: 'Someone trying to access page Site.Login at level read. '
>> UA2ErrorLog: 'Site.Login is a content page: no '
>> UA2ErrorLog: 'Access to Site.Login at level read granted. '
>>
>>
>
> This is ok.
> _____________________________________________________________________________________________
>> AFTER LOGIN WITH 'WET' ACCOUNT NAME:
>> _____________________________________________________________________________________________
>> UA2ErrorLog: 'Loading perm record for GuestUsers. '
>> UA2ErrorLog: 'Someone trying to access page Main.HomePage at level read. '
>> ...
>> UA2ErrorLog: 'CheckUserPerms user admin page Site.PageActions level
>> read... '
>
> This is all ok.
>
>> UA2ErrorLog: 'Warning: Someone asking for permission for unknown level
>> 'upload'. Refused. '
>>
>>
>
> This does not work because of reason given above.
>
> _____________________________________________________________________________________________
>> AFTER SELECTING THE CALENDAR LINK
>> _____________________________________________________________________________________________
>> UA2ErrorLog: 'Loading perm record for GuestUsers. '
>> UA2ErrorLog: 'Someone trying to access page Calendar.Calendar at level
>> read. '
>> UA2ErrorLog: 'Calendar.Calendar is a content page: yes '
>> UA2ErrorLog: 'CheckUserPerms user admin page Calendar.Calendar level
>> admin... '
>> UA2ErrorLog: 'Warning: Someone asking for permission for unknown level
>> 'upload'. Refused. '
>>
>>
>
> Same.
>
> _____________________________________________________________________________________________
>> AFTER SUBMITTING FORMATED MESSAGE:
>> _____________________________________________________________________________________________
>> UA2ErrorLog: 'Loading perm record for GuestUsers. '
>> UA2ErrorLog: 'Someone trying to access page Calendar/20070612 at level
>> edit. '
>> UA2ErrorLog: 'Calendar/20070612 is a content page: no '
>> UA2ErrorLog: 'CheckUserPerms user WET page Calendar/20070612 level edit...
>> '
>> UA2ErrorLog: 'Access to Calendar/20070612 at level edit NOT granted. '
>> UA2ErrorLog: 'CheckUserPerms user WET page Calendar/20070612 level
>> admin... '
>> UA2ErrorLog: 'CheckUserPerms user LoggedInUsers page Calendar/20070612
>> level admin... '
>> UA2ErrorLog: 'CheckUserPerms user admin page Calendar/20070612 level
>> admin... '
>
> In short: slashs are bad. Therefore no pass.
Funny thing is that I do have the str_replace('/', '.', $pagename) as
the first line of executable code for function UserAuth2(). Apparently
that is not the correct place to do the normalization of the url.
function UserAuth($pagename, $level, $authprompt=true) {
return UserAuth2($pagename, $level, $authprompt);
}
function UserAuth2($pagename, $level, $authprompt=true) {
// If called with $authprompt==true, the function is expected
// to produce either the specified page to the client or
// print the login page. If called with $authprompt==false, the
// caller just wants to know whether the current user has the
// permission to access the specified page at the given level.
// Still, the pmwiki engine demands the page being returned on
// success, since it needs the time stamps and other fields.
// Fix to normalize the page url to use '/' and not '.'
str_replace('/', '.', $pagename);
--
Thanks in Advance... http://weconsulting.org
IchBin, Philadelphia, Pa, USA http://ichbinquotations.weconsulting.org
______________________________________________________________________
'If there is one, Knowledge is the "Fountain of Youth"'
-William E. Taylor, Regular Guy (1952-)
More information about the pmwiki-users
mailing list