[Pmwiki-users] Re: PmWiki development - User Authentication

Patrick R. Michaud pmichaud
Mon Jun 7 10:09:08 CDT 2004 

Excellent, this is a perfect example and we can build from this.
First, I have some questions--when someone comes to a page on the
site for the first time the controls will be hidden.  How should 
an editor or other authorized person get the controls to appear... 
is there a "login" link or something for them to follow?  Or perhaps 
editors should be required to go to a login page of some sort 
and after that they can see the controls?

Since this scenario is really about hiding controls from unauthorized
users, and not about assigning rights to individual users, is it
necessary for each authorized user to have his own username and password,
or is it sufficient to just have a shared password for the editors?

Pm

On Mon, Jun 07, 2004 at 09:18:10PM -0700, Steven Leite wrote:
> I'd be happy with a simplistic approach (for now).
> 
> To help cut down on spamming, I'd like to control "certain parts" of my
> website, or rather, dis-allow certain function on pages.  Although this
> is already possible with PmWiki (by setting page attributes?), I would
> also like to "hide" the controls.
> 
> The direction I personally would like to go is to have a Wiki that
> "looks and feels" just like a regular website (eg. nobody can edit it
> except the admin, or a select group of editors, say in a corporate
> environment), but also have certain places where edits (and
> contributions) are allowed.
> 
> Again, this is already possible in PmWiki by setting page attributues (I
> think group attributes are also possible?).  But it's not elegant.
> 
> Is that real-world enough?
> 
> -Steven
> 
> ----- Original Message ----- 
> From: "Patrick R. Michaud" <pmichaud at pobox.com>
> To: "Steven Leite" <steven_leite at kitimat.net>
> Cc: <pmwiki-users at pmichaud.com>
> Sent: Monday, June 07, 2004 7:31 AM
> Subject: Re: [Pmwiki-users] PmWiki development
> 
> 
> > On Mon, Jun 07, 2004 at 07:43:31PM -0700, Steven Leite wrote:
> > > There was a lot of talk a while ago about introducing (some form) of
> > > user authentication.  Just wondering if you'd given any thought to
> that
> > > in this new design.  Where does that rank on the Development list?
> (eg.
> > > High, Med. Low?)
> >
> > I haven't given it much thought, simply because I still haven't come
> > up with any good ideas about how to control authorization (determining
> > what actions a user is allowed to perform and where) after a user has
> > been authenticated.
> >
> > I can come up with simplistic systems such as "limit edits to
> > authenticated users" and "always allow authenticated users to
> > perform actions X,Y,Z", but once we get into things such as
> > access control lists with "allow users A, B, and C to edit
> > pages D and E; allow users A and C but not H to edit groups
> > F and G; etc." then I'm at a loss as to how to make a simple
> > interface for maintaining the access control lists.
> >
> > This is another one of those cases where it would help tremendously
> > to have a real-world example of what is needed, rather than to
> > try to guess based on what is possible.
> >
> > Pm
> >
> >
> >
>

More information about the pmwiki-users mailing list