[pmwiki-users] CondAuth inside of config.php after include authuser, returns ok when read password GroupAttributes enabled.
Chris Cox
ccox at endlessnow.com
Thu May 21 17:31:22 CDT 2009
I'm seeing an interesting problem. In my config.php
I have:
$DefaultPasswords['admin'] = array(crypt('secret'),'@sysadmin');
$DefaultPasswords['attr'] = '@sysadmin';
$DefaultPasswords['edit'] = 'id:*';
$DefaultPasswords['upload'] = '';
$DefaultPasswords['browse'] = '';
$HandleAuth['upload'] = 'edit';
$HandleAuth['diff'] = 'edit';
$HandleAuth['source'] = crypt('secret');
include_once("$FarmD/scripts/authuser.php");
if (CondAuth($pagename,$action)) {
$ok='ok';
} else {
$ok='not ok';
}
The problem is that when I go to a page where read is protected
via GroupAttributes for group called Mine, I get thrown to the login
dialog (correct), but I also get an 'ok' above for the page. Shouldn't
I get a 'not ok' instead?? I'm confused.
Seems to work if I try to edit a page where I don't have
permissions. Is this because there is a difference between
authuser and just plain old page password protection?? Notice
that edit needs id:* auth perms by default. On that
Mine/GroupAttributes page I have:
read: id:*
edit: id:* (set by site)
attr: @sysadmin (set by site)
upload: (using read password)
I get 'ok' even when I haven't logged in, though I do get the
login prompt. It's just that CondAuth isn't giving me what
I expected.
Thanks for any help on this,
Chris
More information about the pmwiki-users
mailing list