I'd like to implement a mechanism to define groups of users by role, and
for each role to have one or more actions. I then need a mechanism to
test to see if the logged in user has permissions for an action, based
on the role they are assigned. This needs to tie to whether they have
actual PmWiki privs as well.
A quick (very slightly simplified) sample:
- David has the role Admin. Admins can perform actions 1,2,3.
- Bert has the role Writer. Writers can perform actions 3,4,5.
- Sally has both Admin and Writer roles, and thus can perform 1,2,3,4,5.
Sample test:
- Does Bert have action 3 assigned?
The way I started to do this is with AuthUser (below), but it seems way
too complicated. The particular implementation doesn't allow me to share
actions across roles, but could be modified. It also means I need to use
CondAuth -- which I'd prefer not to, as it seems to require some careful
positioning in terms of other code, and other cookbooks.
It seems to me that I might be able to simply use AuthList somehow, and
then test with:
if ($AuthList['@'.$Auth_Array[$action]] > 0) #where auth_array from
example below
I'm sure someone has done this before. Any recommendations?
~ ~ David
#======================================
# Define users passwords
$AuthUser['daveg'] = crypt('david');
$AuthUser['bert'] = crypt('bert');
$AuthUser['sally'] = crypt('sally');
# Add users to the auth groups
$AuthUser['@Admin'] = array('david','sally');
$AuthUser['@Writer'] = array('bert','sally');
# Assign users/groups to the blogit security groups
$DefaultPasswords['Admin'] = array('@Admin');
$DefaultPasswords['Writer'] = array('@Writer');
#Now assign the actions to the roles
SDVA($Auth_Array, array(
'1'=>'Admin',
'2'=>'Admin',
'3'=>'Writer',
'4'=>'Writer',
'5'=>'Writer'
));
Test with:
CondAuth($pagename, $Auth_Array[$action])
_______________________________________________
pmwiki-devel mailing list
pmwiki-devel@pmichaud.com
http://www.pmichaud.com/mailman/listinfo/pmwiki-devel
