[pmwiki-users] HandleAuth for action diag

Patrick R. Michaud pmichaud at pobox.com
Wed Sep 3 08:24:52 CDT 2008


On Wed, Sep 03, 2008 at 10:37:37PM +1300, Simon wrote:
> As a general principle I think all actions should check the normal mechanism,
> perhaps this is the problem I am having with ?action=approvesites

As a "general principle" I agree -- but the very phrase 
"general principle" implies that there can be exceptions.  :-)

In the case of ?action=approvesites, it always uses the write
permission of the page that will contain the url approvals.
Very little else makes sense.  One could, I suppose, want to
add additional restrictions tied to the ?action=approvesites
command, but a person with write permission to the url approvals
page would still be able to change the approved urls without
using ?action=approvesites .

Pm



More information about the pmwiki-users mailing list