Eemeli Aro wrote:
> Now, all that needs to be permitted is 'edit' or 'publish' access to
> pages in the comment group when using the action 'pmform', which I've
> done by defining a wrapper function around $AuthFunction (by default,
> PmWikiAuth) which is called by RetrieveAuthPage, which is what eg.
> CondAuth uses internally. It's this $AuthFunction that's maintaining
> any cache of authorization permissions, hence a wrapper around it
> isn't bothered by any previous page reads.
>
> Now, the way RetrieveAuthPage is used almost always (including PmForm)
> is by calling it with a page name and a level of authorization that
> should be checked, and if the return is false that means authorization
> has been denied, otherwise the return is the requested page. What my
> wrapper does is before calling $AuthFunction it checks for a specific
> set of conditions and if those match, it calls $AuthFunction for the
> comment page in question using 'read' permission instead.
>
> So take a look at the BlogeAuth function near the end of bloge.php for
> a possible answer. The other stuff that BlogeAuth does allows for
> anonymous users to edit their comments for up to half an hour from
> their last edit and helps hide blog posts that are drafts or with
> future create dates from being seen by anonymous users. The really
> tricky part is keeping those pages from showing up in pagelists, which
> maintain their own cache that uses RetrieveAuthPage slightly
> differently from everything else.
Based on this, I think I have things working pretty well. I've not yet
tested with the scenario that caused issues, but the basics are working.
Essentially I do this:
if ( COMMENTING ) {
#Force read privs for public commenting
$page = PmWikiAuth($pagename, 'read', $authprompt, $since);
}else{
#If not commenting, let default PmWiki authorization take place.
$page = PmWikiAuth($pagename, $level, $authprompt, $since);
}
This is simplified a little, and I don't hard-code with a call
PmWikiAuth. Am I correct in this approach, or have I missed something?
[1] Also, I was curious from a Bloge perspective, what is the purpose of
this line, which seems to say "if we don't prompt the user for
credentials don't allow access" - when would $authprompt be false?
if (!$authprompt) return FALSE;
[2] I *think* the purpose of these line is to override the
authentication levels for the current page. ie, current user has
read/edit permissions. Is that correct? Thus, subsequent calls to
something like CondAuth would return read privs.
$page['=auth']['read'] = 0;
$page['=passwd']['read'] = $page['=passwd']['edit'];
[3] The way I interpret the code, is Bloge may do multiple calls to
$BlogeAuthFunction -- possibly as many as three calls. I suspect the
logic conditions on each would preclude 3 calls, but minimally it will
be 2 calls. Is there a reason for that?
_______________________________________________
pmwiki-devel mailing list
pmwiki-devel@pmichaud.com
http://www.pmichaud.com/mailman/listinfo/pmwiki-devel
