[pmwiki-users] CondAuth ignores $HandleAuth: Bug?
Stirling Westrup
sti at pooq.com
Sat Oct 6 16:50:36 CDT 2007
I've just tracked down a problem that I was having with a statement like:
(:if auth upload {$PAGE}:)
I presume (and I could be wrong) that this is supposed to test if the user has
the authority to upload to page {$PAGE}. It turns out that auth calls
CondAuth, which (among other things) tests $AuthCascade, but it completely
ignores $HandleAuth. In my config.php, I have the lines:
$DefaultPasswords['admin'] = '@admins';
$DefaultPasswords['edit'] = '@editors';
# Anyone with edit rights also has upload rights.
$HandleAuth['upload'] = 'edit';
So, although the standard (:if auth upload:) is false, I can, in fact, do an
?action=upload, and it will work. I fixed it by redefining auth as follows:
# redefine 'auth' so it cares about $HandleAuth
$Conditions['auth'] = 'NoCache(CondAuth2($pagename, $condparm))';
function CondAuth2($pagename, $condparm)
{ global $HandleAuth;
@list($level, $pn) = explode(' ', $condparm, 2);
$level = array_key_exists($level,$HandleAuth) ? $HandleAuth[$level] :
$level;
$pn = ($pn > '') ? MakePageName($pagename, $pn) : $pagename;
msg("lvl=$level, ha=$HandleAuth[$level], pn=$pn");
return (boolean)RetrieveAuthPage($pn, $level, false, READPAGE_CURRENT);
}
And now everything works as I expected. So, did I find and fix a bug, or did I
just mess things up in some subtle way that I don't yet understand?
More information about the pmwiki-users
mailing list