Tuesday, March 4, 2008, 7:35:27 AM, Peter & Melodye Bowers wrote:
> My understanding has been that as long as I go through the
> RetrieveAuthPage() and UpdatePage() functions for ALL page-reading &
> page-writing operations that they will enforce pmwiki authorizations &
> security on my behalf. Is that accurate? Or do I need to check certain
> authorizations explicitly?
You need to ensure that when using RetrieveAuthPage an appropriate
access level is provided as the second parameter.
If you use a custom action, say action=shell, you can pass an
authorisation level to the Handle function with for instance:
$HandleAuth['shell'] = 'admin';
$HandleActions['shell'] = HandleWikiShell';
function HandleWikiShell($pagename, $auth) {
......
$page = RetrieveAuthPage($somepage, $auth, true, READPAGE_CURRENT);
.....
}
~Hans
_______________________________________________
pmwiki-users mailing list
[email protected]
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
