[pmwiki-users] User authorization notes (was: A few wishes for PmWiki)

Patrick R. Michaud pmichaud at pobox.com
Mon Feb 28 10:32:43 CST 2005


On Mon, Feb 28, 2005 at 04:36:37PM +0100, Barthelemy, Christian wrote:
> - A simple User Management system based on ACLs: the best I have seen so far
> is the one from wikka: http://wikka.jsnx.com/ACLInfo.

Actually, having looked at it, the one that wikka is using is very
close to what I've planning to do for PmWiki's user-authorization
system.  Essentially, in addition to setting read/edit/attr passwords,
one would be able to specify passwords like:

   user:Pm,JohnRankin     (only Pm and JohnRankin)
   user:auth              (any authenticated user)
   user:-JMorris          (anyone except JMorris)
   user:-JMorris,auth     (any authenticated user except JMorris)

One will also be able to specify passwords as before, thus

   reallysecret user:Pm

will grant access to Pm or anyone who knows the password "reallysecret".

One item I haven't quite figured out is how to fix the Page Attributes
dialog where there are mixed passwords and user-authorizations.  
Currently the dialog presents all of the fields as blank, but this
won't really work where someone is wanting to change the existing user
settings.  I may simply repeat the user-based settings to the right
of the password input field, along with a notation for any encrypted
per-page passwords.

Finally, to try to make things easier when debugging password problems,
I think I'm going to change the password prompt so that when someone
is prompted for a password, the prompt will also indicate whether
the restriction is per-page, per-group, or from a site default.

Pm



More information about the pmwiki-users mailing list