[pmwiki-users] upload page permissions...

[adam overton]

hi
i'm trying to allow users with 'edit' permissions to upload files to  
their pages.
this is my current set of permissions for the site:

	$DefaultPasswords['admin'] = crypt('adminPwd'); // sets the admin  
password
	$DefaultPasswords['edit'] = crypt('defaultPwd'); // sets the  
password to edit all pages on the entire site
	$AuthCascade['upload'] = 'edit';  // if you can edit, then you can  
upload

and then i have given users the ability to change their permissions  
for the groups that they create and have edit privileges:

	($group!="PmWiki") ) {
		$AuthCascade['attr'] = 'edit';  // if you can edit, then you can  
set attr
	} else {
		$AuthCascade['attr'] = 'admin';  // for all main Site place, set  
'attr' to 'admin' password
	}


this DOES allow an edit-user to upload files (for instance, users are  
quite able at the moment to use the various fabulous upload recipes  
available). however, for some reason users right now are unable to  
access the ?action=upload page (a password is requested, and the edit  
password doesn't work!!). in addition, when using attachlist, after  
renaming a file (or any of the other actions), the user is redirected  
to a password-request page, instead of to the appropriate upload  
"success" page.

i discovered that if i assign an upload-password, everything works  
fine - no password requests:
$DefaultPasswords['upload'] = crypt('defaultPwd'); // sets the  
password to edit all pages on the entire site

but i'd rather have the user only set their edit password, and  
thought that using the AuthCascade assignment above would pass  
uploading privileges on to the edit-user. it seems to be doing that  
correctly for the attr privileges...

am i doing this incorrectly? is there a better approach?
thanks in advance for the help,
adam