[pmwiki-users] Authorization Configuration Puzzle.

[Stirling Westrup]

I have a working PmWiki which, up till now, I've been working on alone. Now I
would like to add some limited access and editing rights for a few other
people, and I'm getting confused with how to set up the Authorization levels
to get the desired effects. Any help would be appreciated.

To start with, I'm running the latest version of PmWiki, and am just using the
basic authorization system. ie, just passwords, no user names. I'm using the
drafts feature, and I've set up a separate Publish password. My authorization
setup at the moment is dead simple:

 $DefaultPasswords['admin'] = crypt('adminpass');
 $DefaultPasswords['edit'] = crypt('editpass');
 $DefaultPasswords['attr'] = '@_site_edit';

 $EnableDrafts = 1;
 $DefaultPasswords['publish'] = crypt('editpass');
 $AuthCascade['publish'] = 'edit';
 $PageAttributes['passwdpublish'] = '$[Set new publish password:]';

So far this is all working fine, but I need to make some changes. To begin
with, the following is working, and I need to keep it that way:

 a) by default most pages are public, read-only and cannot be edited.
 b) Two groups (Private and Project) are normally unreadable.
 b) the Sandbox group pages can be edited by anyone.
 c) the admin can do whatever he wants (of course)
 d) there is a password (editpass) that allows
    1) reading pages in the Private and Project groups.
    2) editing any pages (including all unreadable groups and Site pages)
    3) publishing draft pages

But now I also need these features:

 e) there is another password (projectpass) that allows
    1) reading the Project group, but not the Private or Secret ones.
    2) making new drafts in the Tech and Project groups.
    3) publishing changes in the Project group, but not the Tech one.

How should I set that up, without breaking what I have now?