[pmwiki-users] questions about user authentication

Patrick R. Michaud pmichaud at pobox.com
Tue Apr 12 20:59:22 CDT 2005 

On Tue, Apr 12, 2005 at 09:05:57PM -0400, Crisses wrote:
> >Q5: How soon would you likely start to use or implement user
> >authorization on your site(s) once these features are available?
> 
> I will probably upgrade my odd layered site to a new auth method to 
> test it out.  As far as I know, my nested-privilege wiki model is not 
> supported in PmWiki 2.x.  However I would like to upgrade.

Actually, your "nested-privilege wiki model" is now supported in 
2.0.beta29, even without user authentication.  To illustrate:

You have four levels of access, each level having its own password.
Plus, having level 1 access automatically confers permission to 
levels 2, 3, and 4; level 2 access automatically confers permission
to levels 3 and 4; and level 3 access automatically confers permission
to level 4.

For convenience, let's call the groups Level1, Level2, Level3, and Level4,
and let's assume that "alpha", "beta", and "gamma" are the level 1-3
passwords respectively.  Level 4 will be "public access" and require no
password.  

Okay, for level 1, only the "alpha" password allows access, so you 
set the password in Level1.GroupAttributes to be "alpha".

For level 2, either the "alpha" or "beta" password are sufficient,
so you would set the passwords in Level2.GroupAttributes as "alpha beta".
This means that anyone who knows either the "alpha" or "beta" passwords
will be allowed to access Level2 pages.  Of course, knowing the
"beta" password isn't sufficient to get to Level1 pages, because that's
not a valid password for level 1, but now having the "alpha" password
gets you both places.

For level 3, any of the passwords work, thus set the passwords
in Level3.GroupAttributes to be "alpha beta gamma".  

That's all there is to it!  :-)  Give your level 1 users the "alpha"
password, the level 2 users the "beta" password, and the level 3
users the "gamma" password and you're set to go with your nested
privileges.

Of course, this doesn't prevent you from also doing user-based
authentication if you want, but it's certainly not required.  :-)

Pm

More information about the pmwiki-users mailing list