[pmwiki-announce] pmwiki-2.0.beta50 released

Patrick R. Michaud pmichaud at pobox.com
Wed Jul 20 13:15:23 CDT 2005


I've just released pmwiki-2.0.beta50, which primarily provides
improvements to the authorization semantics.  Below are the major
changes since the last announcement (2.0.beta44).

There have been two major improvements to the authorization 
semantics in PmWiki:

1. The $HandleAuth array can be used to set the authorization 
level required for executing a corresponding action. For example, 
setting $HandleAuth['diff'] to 'edit' means that edit 
authorizations are required to view the page history (?action=diff). 
Similarly, setting $HandleAuth['source'] to 'admin' means that 
only the admin would be able to use ?action=source.

2. Passwords can now "cascade" -- that is, if a page sets a 
'read' password but not an 'edit' password, then the read 
password is also used as the edit password. Similarly, if a 
page sets an 'edit' password but not an 'attr' password, 
then the edit password is also used as the attr password.

This resolves situations where authors set an edit password 
on a page but don't set a corresponding attr password -- the
edit password becomes used for both.

This does not change PmWiki's other passwording characteristics -- 
i.e., page passwords still override group passwords, and group 
passwords still override site passwords. Password cascading is 
only used where there's no page, group, or site password set 
for a given authorization level. 

If this all sounds confusing, well, it is.  Authorization is
just a tricky business, and we'll find ways to make it all 
somewhat less confusing.  But the bottom line is that PmWiki 
now generally protects things the way people would expect it to.

In addition to changes to authorizations, this release adds
a Content-Disposition header for attachments that are retrieved
through PmWiki (e.g., when $EnableDirectDownload is zero).

Comments, suggestions welcome as always.

Pm



More information about the pmwiki-announce mailing list