[pmwiki-users] Still Problems with Auth Users and Groups

Tue Nov 7 17:54:58 CST 2006

Tuesday, November 7, 2006, 11:04:24 PM, Boris wrote:

> Did I misunderstand someting, is it actually possible to use authentication
> groups and to include certain users and then allow these authentication
> groups to either read edit or not to read or edit certain site groups like
> main.hompage?

Yes. Please also see http://www.pmwiki.org/wiki/PmWiki/AuthUser
for instructions how to create user accounts and organising accounts
into groups.
For your setup:
Set up user accounts and authentication groups on page Site.AuthUser.
user Anton password 'MeinPasswort' set up like:
Anton: (:encrypt MeinPasswort:)
etc for all users. so each user has a password associated with the
name. When saving the page the passwords will be encrypted and you
will not be able to read them again!

Then set up groups on the same page like this:
@management: A, B
@staff: A, B, C, D, E

Now you can use the group names '@management' and '@staff' to set
access levels for the groups:
In config.php set a general password for admin:

$DefaultPasswords['admin'] = '@management';

Meaning all members of group @management (A and B) can do anything
on all pages.
Further add to config.php:

$DefaultPasswords['read'] = '@management';

meaning only members of @management can read any page.

Now this is not quite what you want, since @staff members shall not be
able to read or edit page of the 'Management' group, nor be able to
edit pages of the 'Main' group, but be able to read it, and be able to
edit and read pages in group Staff.
So you need to change the group attributes for these groups:

Set a read password for the 'Main' group, by going to
Main.GroupAttributes?action=attr
and set in the 'read' field: @staff, at management
which wiil allow @staff as well as @management to read this group.

And set a edit password for the Staff group, by going to
Staff.GroupAttributes?action=attr
and set in the 'edit' field: @staff, at management
which will allow @staff as well as @management to edit any page in
this group.

For group 'Management' we don't need to do anything, since we
explicitly allow @staff only access to Main and Staff groups,
and did not grant them general 'read' access to all pages.

By definition for the default admin password set in config.php
@management members can do anything on all pages.
So we did not need to mention them in the GroupAttributes setting of
passwords. To set the relevant fields for @staff would have been
enough. But I wanted to include it to make it more comprehensible and
to demonstrate the principle of adding various groups.
you can also add individuals in the Attribute fields with
id:Anton or id:A,B,C,D

Hope this makes it a little clearer.

Hans