[Pmwiki-users] Nested group permissions

pmichaud at pobox.com pmichaud at pobox.com
Wed Apr 30 08:24:29 CDT 2003


On Wed, 30 Apr 2003, kinhost wrote:

> I want people with XXX password to automatically be granted access to
> G-Rating, PG-13, and NC-17 (while PG13 would only have access to G-Rating).
> So I want the people in the most restricted circles to be given access to
> the less restricted circles.  For example:  If you're over 18, you can rent
> all the movies.  If you're 6, you can only rent Blues Clues and the like :)
> 
> > In addition, you're wanting attr passwords to automatically imply
> > edit/read permissions, and edit passwords to automatically imply read
> > permissions.
> 
> Yes.  I was thinking it was absurd to have to hand someone 8 passwords if
> they have XXX read & write access to my wiki.  

Agreed, but (so far) you're the only one who's needed to be able to
"borrow" passwords from other groups.  :-)

> > Is it a requirement that your authors be able to set/change passwords
> > via the web page, or would it be sufficient to have all of the passwords
> > set/maintained in local.php by the WikiAdministrator?
> 
> I don't really need anyone but me to set passwords, so it is not a
> requirement that authors be able to set/change passwords on the web pages.

Ah, this makes it relatively easy then.  What we'll do is manipulate the
$DefaultPasswords array based on the groups and use that exclusively for
password access--i.e., the page passwords won't get used at all.  First,
since authors don't need to be able to change passwords, we'll disable
the "attr" password entirely (the code below goes in local.php or
equivalent):

    $DefaultPasswords['attr'] = '*';

Next, create an array with the group levels--higher levels will
have access to lower ones--and an array of read/edit passwords 
for each group:

    $grouplevels = array('G-Rating'=>1, 'PG-13'=>2, 'NC-17'=>3, 'XXX'=>4);
    $pwread['G-Rating'] = crypt('alpha');
    $pwedit['G-Rating'] = crypt('beta');
    $pwread['PG-13'] = crypt('gamma');
    $pwedit['PG-13'] = crypt('delta');
    $pwread['NC-17'] = crypt('epsilon');
    $pwedit['NC-17'] = crypt('zeta');
    $pwread['XXX'] = crypt('eta');
    $pwedit['XXX'] = crypt('theta');

Note that each of the $pw entries can be arrays if you want to
distribute some multiple passwords.  Then, figure out what group 
we're in, and get the level for the current group:

    $group = FmtPageName('$Group',$pagename);
    $thislevel = $grouplevels[$group];

And finally, set up the $DefaultPasswords entries depending on
the current group.  Basically, passwords in groups with equal or 
higher levels than the current one are added to the arrays:

    foreach ($grouplevels as $g=>$v) {
      if ($v>=$thislevel) { 			
        $DefaultPasswords['read'] = 
          array_merge($DefaultPasswords['read'],$pwread[$g]);
        $DefaultPasswords['edit'] =
          array_merge($DefaultPasswords['edit'],$pwedit[$g]);
      }
    }

Finally, allow all of the edit passwords to be accepted for read
actions:

    $DefaultPasswords['read'] = 
      array_merge($DefaultPasswords['read'],$DefaultPasswords['edit']);

That's it!  Let me know if you need any clarification on anything.

Pm

P.S.: In some future version of PmWiki there will probably be a 
configuration variable that allows the site admin to specify a 
custom authentication function to be used instead of 
ReadAuthPage--but I'm not quite there yet.






More information about the pmwiki-users mailing list