[pmwiki-users] Making new pages only editable by creator with AuthUser

Pierre Racine Pierre.Racine at sbf.ulaval.ca
Wed Sep 13 10:20:43 CDT 2006 


> -----Message d'origine-----
> De : Patrick R. Michaud [mailto:pmichaud at pobox.com]
> Envoyé : 13 septembre 2006 09:15
> À : Pierre Racine
> Cc : pmwiki-users at pmichaud.com
> Objet : Re: [pmwiki-users] Making new pages only editable by creator with
> AuthUser
> 
> On Tue, Sep 12, 2006 at 04:55:51PM -0400, Pierre Racine wrote:
> >    I trying to build a site using AuthUser where users can create pages
> that
> >    are automatically only editable by them (and by the site admin).
> >
> >    My config.php already contain this:
> >
> >    $DefaultPasswords['admin'] = crypt(`******');
> >    include_once("$FarmD/scripts/authuser.php");
> >    $Author = $AuthId;
> >    $EnablePostAuthorRequired = 1;
> >    include_once('cookbook/login.php');
> >
> >    If I set a default password for the edit action:
> >
> >    $DefaultPasswords['edit'] = crypt('******);
> >
> >    the system keeps on asking for a password until I give the admin one.
> >
> >    Without this restriction, even if I've set a site password, anybody
> can
> >    get to the edit page. They can not save it because I removed the
> author
> >    field and EnablePostAuthorRequired is set but this is another story.
> Isn't
> >    that a bug that they can get to the edit page?
> 
> No, not really -- we just have to look at the question correct,
> as it has two parts:  (1) who is allowed to create a page, and
> (2) who is allowed to edit a page once it's created?
> 
> For the first part (who is allowed to create a page), if you want to
> limit page creation to register users, then you need
> 
>     $DefaultPasswords['edit'] = 'id:*';
> 
> This says that only people who are logged in can edit a page.
> 
> For the second part (limiting editing of a page to its creator),
> we need a special function in the editing sequence to set the
> initial password of a page.  Fortunately this isn't too
> difficult -- put the following in config.php:
> 
>     function OnlyCreatorEdit($pagename, &$page, &$new) {
>       global $AuthId;
>       if (!PageExists($pagename))
>         $new['passwdedit'] = "id:$AuthId";
>     }
> 
>     array_unshift($EditFunctions, 'OnlyCreatorEdit');
> 
> This automatically adds an 'edit' password to any newly
> created page; the edit password limits further editing to
> the identity of the person that created it.
> 
> Of course, the admin password overrides all restrictions,
> as always.
> 
> Hope this helps,
> 
> Pm

Great! Thanks a lot Pm. You're doing a wonderful work.

I added: 
        $new['passwdattr'] = "id:$AuthId";

So password attributes are also set to the creator...

Pierre

More information about the pmwiki-users mailing list