Thanks Tegan,
That worked for the group.
I'm a little surprised by this though:
1. Last time I checked, to edit a page you need to be able to read it
(ie read permission is implied), therefore conferring edit rights should
most certainly confer read rights.
2. Requiring explicit matching of passwords where site-wide rights
should be conferred to groups, obstructs the intention by creating
unnecessary administrative work (should the site-wide password have to
change). Seems to me letting groups and pages inherit rights through
@_site_edit (ie @_site_<whatever-right>), and also letting pages inherit
group rights with @_group_edit, would make sense, and be natural and
symmetrical. The current situation, given the potential time and errors
involved in changing a password scheme is, ironically, a security risk.
3. The apparent application of the publish password to the attribute
password in the group is just plain nuts (ie a bug.).
Looks to me like this password system could use a bit of attention.
How does all this compare with generally accepted permission scheme
standards? Am I missing something?
- Henrik
Tegan Dowling wrote:
On Mon, May 12, 2008 at 5:12 PM, Henrik Bechmann <[EMAIL PROTECTED]> wrote:
When I login with a site-wide edit password, I am challenged for an
additional *read* password for a group for which I have set a read password.
I'm having a little trouble fathoming this. I thought that an edit
password trumps a read password.
It doesn't. Read and edit permissions are set separately, and edit
rights do not confer read rights, any more than read rights confer
edit rights.
If, in your config.php file, you have
$DefaultPasswords['edit'] = crypt('userpasswordhere');
Then in any wikigroup named, for example, ProtectedGroup, you need to
use ProtectedGroup.GroupAttributes?action=attr to:
Set new read password = userpasswordhere
OR use ProtectedGroup.GroupAttributes?action=attr to:
Set new read password = specialgrouppass userpasswordhere
Set new edit password = specialgrouppass userpasswordhere
(create a space-separated list of passwords for each attribute)
You cannot use ProtectedGroup.GroupAttributes?action=attr to:
Set new read password = @_site_edit
That doesn't work. In discussion in this list-serv in 2006, PM said
that he never intended @_site_edit to be used on
GroupAttributes?action=attr.
(Everybody please VOTE on http://www.pmwiki.org/wiki/PITS/00836).
------------------------------------------------------------------------
No virus found in this incoming message.
Checked by AVG.
Version: 8.0.100 / Virus Database: 269.23.16/1429 - Release Date: 5/12/2008 6:14 PM
--
Henrik Bechmann
bechmann.ca
Webmaster, celos.ca webhosting services
_______________________________________________
pmwiki-users mailing list
[email protected]
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
