[pmwiki-users] Making new pages only editable by creator with AuthUser
Pierre Racine
Pierre.Racine at sbf.ulaval.ca
Wed Sep 13 10:20:43 CDT 2006
> -----Message d'origine-----
> De : Patrick R. Michaud [mailto:pmichaud at pobox.com]
> Envoyé : 13 septembre 2006 09:15
> À : Pierre Racine
> Cc : pmwiki-users at pmichaud.com
> Objet : Re: [pmwiki-users] Making new pages only editable by creator with
> AuthUser
>
> On Tue, Sep 12, 2006 at 04:55:51PM -0400, Pierre Racine wrote:
> > I trying to build a site using AuthUser where users can create pages
> that
> > are automatically only editable by them (and by the site admin).
> >
> > My config.php already contain this:
> >
> > $DefaultPasswords['admin'] = crypt(`******');
> > include_once("$FarmD/scripts/authuser.php");
> > $Author = $AuthId;
> > $EnablePostAuthorRequired = 1;
> > include_once('cookbook/login.php');
> >
> > If I set a default password for the edit action:
> >
> > $DefaultPasswords['edit'] = crypt('******);
> >
> > the system keeps on asking for a password until I give the admin one.
> >
> > Without this restriction, even if I've set a site password, anybody
> can
> > get to the edit page. They can not save it because I removed the
> author
> > field and EnablePostAuthorRequired is set but this is another story.
> Isn't
> > that a bug that they can get to the edit page?
>
> No, not really -- we just have to look at the question correct,
> as it has two parts: (1) who is allowed to create a page, and
> (2) who is allowed to edit a page once it's created?
>
> For the first part (who is allowed to create a page), if you want to
> limit page creation to register users, then you need
>
> $DefaultPasswords['edit'] = 'id:*';
>
> This says that only people who are logged in can edit a page.
>
> For the second part (limiting editing of a page to its creator),
> we need a special function in the editing sequence to set the
> initial password of a page. Fortunately this isn't too
> difficult -- put the following in config.php:
>
> function OnlyCreatorEdit($pagename, &$page, &$new) {
> global $AuthId;
> if (!PageExists($pagename))
> $new['passwdedit'] = "id:$AuthId";
> }
>
> array_unshift($EditFunctions, 'OnlyCreatorEdit');
>
> This automatically adds an 'edit' password to any newly
> created page; the edit password limits further editing to
> the identity of the person that created it.
>
> Of course, the admin password overrides all restrictions,
> as always.
>
> Hope this helps,
>
> Pm
Great! Thanks a lot Pm. You're doing a wonderful work.
I added:
$new['passwdattr'] = "id:$AuthId";
So password attributes are also set to the creator...
Pierre
More information about the pmwiki-users
mailing list