[pmwiki-users] Limiting Group access via AuthUser groups
Petko Yotov
5ko at 5ko.fr
Thu Oct 31 15:57:20 CDT 2013
michael paulukonis writes:
> Is there a programmatic way to restrict group access?
> I'm setting up a wiki for others to maintain, who will be creating users and
> Groups.
> Each Group should be restricted to one AuthUser group.
> Ideally, the AuthUser group would have the same name as the Group.
>
> This would mean that once a Group is created and users are added to the
> AuthUser group, no further action would have to be taken by the
> administrator.
>
> However, I haven't figured out how to set Group restrictions without using
> {Group}.GroupAttributes?action=attr and manually setting the group.
>
> Would it be possible to do something like the following in local/config.php ?
>
> // exclude Groups like PmWiki, Main, etc.
> if ($Group != 'Site') {
> $DefaultPasswords['read'] = array('@$Group', 'id:admin'); // restrict to group and admin
> }

Something like this may appear to work but it may unexpectedly create read
permissions, for example via (:include...:) or via Page(Text)Variables. A
user in one Group may use (:include OtherGroup.MainPage:) and see the
rendered HTML of that OtherGroup.

It is best to enter the user group in the GroupAttributes?action=attr page,
or to programmatically create these pages.

See the recipe http://www.pmwiki.org/wiki/Cookbook/AutoGroupPages . You can
insert inside that function something like:

    $group = FmtPageName('{$Group}', $pagename);
    $template = ReadPage('Templates.GroupAttributes');
    $template['passwdread'] = "@$group"; # or strtolower("@$group");
    $template['passwdedit'] = "@$group";
    $template['passwdattr'] = "@$group";
    WritePage("$group.GroupAttributes", $template);

See also http://www.pmwiki.org/wiki/PmWiki/EditVariables#AutoCreate which
may potentially be of use.

Petko
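
One way to create the GroupAttributes page automatically along the lines of the reply above, as an added example that is not code from the thread or from the AutoGroupPages recipe. The function name RestrictNewGroup, the $RestrictSkipGroups list and the choice to hook in through $EditFunctions are assumptions of this example; it is meant for local/config.php.

```php
<?php if (!defined('PmWiki')) exit();
# Added example; RestrictNewGroup and $RestrictSkipGroups are hypothetical
# names, not part of PmWiki or of the AutoGroupPages recipe.

# Groups that must stay as they are (system and shared groups); adjust per site.
$RestrictSkipGroups = array('Site', 'SiteAdmin', 'PmWiki', 'Main', 'Templates');

function RestrictNewGroup($pagename, &$page, &$new) {
  global $IsPagePosted, $RestrictSkipGroups;
  if (!$IsPagePosted) return;          # act only after a page was really saved

  $group = FmtPageName('{$Group}', $pagename);
  if (in_array($group, $RestrictSkipGroups)) return;

  # Never overwrite attributes that already exist, so an administrator's
  # later changes via ?action=attr are preserved.
  $attrpage = "$group.GroupAttributes";
  if (PageExists($attrpage)) return;

  # Start from the template page if the site has one, as in the reply.
  $template = PageExists('Templates.GroupAttributes')
    ? ReadPage('Templates.GroupAttributes') : array();

  # The restriction is stored on the group's own GroupAttributes page, so it
  # belongs to the pages being read rather than to the group being browsed,
  # which is the (:include ...:) case the reply warns about.
  $template['passwdread'] = "@$group";   # or strtolower("@$group")
  $template['passwdedit'] = "@$group";
  # As in the reply; with this value group members can change these
  # attributes themselves. Use an admin-only value to prevent that.
  $template['passwdattr'] = "@$group";
  WritePage($attrpage, $template);
}

# Run after the standard edit functions have posted the page.
$EditFunctions[] = 'RestrictNewGroup';
```

With this in place the first page saved in a new group creates that group's GroupAttributes page, and the administrator only has to add users to the AuthUser group of the same name.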