[pmwiki-users] Limiting Group access via AuthUser groups

Tamara Temple tamouse.lists at gmail.com
Wed Oct 30 19:52:42 CDT 2013 

On Oct 30, 2013, at 8:23 AM, michael paulukonis <xraysmalevich at gmail.com> wrote:

> [since the two words are identical, I will be using an uppercase "Group" to refer to PmWiki Groups of pages, and use a lowercase "group" to refer to AuthUser groups of users]
> 
> Is there a programmatic way to restrict group access?
> I'm setting up a wiki for others to maintain, who will be creating users and Groups.
> Each Group should be restricted to one AuthUser group.
> Ideally, the AuthUser group would have the same name as the Group.
> This would mean that once a Group is created and users are added to the AuthUser group, no further action would have to be taken by the administrator.
> 
> However, I haven't figured out how to set Group restrictions without using {Group}.GroupAttributes?action=attr and manually setting the group.
> 
> 
> Would it be possible to do something like the following in local/config.php ?
> 
> // exclude Groups like PmWiki, Main, etc.
> if ($Group != 'Site') {
>   $DefaultPasswords['read'] = array('@$Group', 'id:admin'); // restrict to group and admin
> }
> 
> I believe I tried the above and it didn't work (I'm away from my dev machine right now).
> 
> If something like this is possible, could it easily be extended to add additional users or groups via GroupAttributes without modifying config.php?
> 
> -Michael Paulukonis

Not really sure if this is an answer, and I’ve not even tried this, but: 

// exclude Groups like PmWiki, Main, etc.
if ( ! in_array($Group, array($SiteGroup, $SiteAdminGroup, 'PmWiki', $DefaultGroup ) {
  $group = strtolower($Group); // to refer to AuthUser group associated with PmWiki Group?
  $DefaultPasswords['read'] = array("@$group", 'id:admin'); // restrict to group and admin. Interpolate?
}

I think you’ll want the AuthUser group here, so down case the PmWIki Group. Also, I think you want that interpolated immediately in the assignment for DefaultPasswords, no?

Also, the in_array thingie for checking might be a touch more robust using the variables…

Again, just off the cuff, not tried it.

More information about the pmwiki-users mailing list