[pmwiki-users] How to determine if a page requires a valid user id or a shared password?

Lars Grau mail at larsgrau.de
Mon Oct 25 06:00:58 CDT 2010


Dear all,

I've put together a first rough cookbook on the basis of Peter Bowers code suggestion.
It's definitely a "pre-alpha" and needs further enhancements.

I would really appreciate if you can comment on this, especially on the lines marked with "@@@".

Instead of pasting the code here, I made it available for downloading from the following location:

http://larsgrau.de/static/documents/getPagePermissions.phps



Thanks in advance,

L.-


On Oct 20, 2010, at 9:10 AM, Peter Bowers wrote:

> On Tue, Oct 19, 2010 at 8:13 PM, Lars Grau <mail at larsgrau.de> wrote:
>> How can I determine by ConditionalMarkup if the requested page action requires ...
>> 
>> - a) admin rights (and hence render username AND password field) or
>> - b) a valid id (and hence render username AND password field) or
>> - c) a shared password  (and hence render the password field ONLY)
>> - d) a shared password OR a valid id  (and hence render username AND password field)
>> 
>> ... according to the given action (browse/edit/upload/attr) ?
> ...
>> How do I fill the {$RequiredPagePermission} condition ???
> 
> It's going to get more complicated before it gets solved...  The
> problem is you have to deal with cascading authorization,
> authorizations from various sources (page, group, config.php), etc.
> 
> I believe you can fill in {$RequiredPagePermission} using code similar
> to this in config.php (assuming we completely ignore any passwords
> from group and making a bunch of other assumptions):
> 
> ===(snip - untested)===
> $FmtPV['$RequiredPagePermission'] =
> 'GetRequiredPagePermission($pagename, $page)';
> function GetRequiredPagePermission($pagename, $page)
> {
>   global $action;
>   if ($action == 'edit') $tmppass = $page['passwdedit'];
>   else $tmppass = $page['passwdread'];  // ignoring other actions for
> simplicity - may not suffice
>   if (!$tmppass) {
>      if ($action == 'edit')
>         $tmppass = $DefaultPasswords['edit'];
>      else
>         $tmppass = $DefaultPasswords['read']; // again, ignoring other actions
>   }
>   if (!$tmppass || strpos($tmppass, '@nopass') !== FALSE) return '';
> // blank if no password
>   elseif (strpos($tmppass, 'id:*') !== FALSE)
>      return 'id:*';
>   elseif (strpos($tmppass, 'id:') !== FALSE)
>      return 'id';
>   elseif (strpos($tmppass, '@lock') !== FALSE || strpos($tmppass,
> '@_site_admin') !== FALSE)
>      return 'admin';
>   else
>      return 'passwd';
> }
> ===(snip)===
> 
> The more I look at it the less it seems to work in the "real world"
> without a lot more coding to deal with other issues, but maybe it'll
> get you started in the right direction?  Also I'm not sure if $page is
> going to be available...?
> 
> You might also look at http://www.pmwiki.org/wiki/Cookbook/OpenPass to
> see some related types of actions there...
> 
> Hope that helps.
> 
> -Peter




More information about the pmwiki-users mailing list