Yes, I see why that makes sense.Where I was coming from was wanting a password that only applied to approved URLs, rather than giving (say) my Admin password out.
I suppose I can change the password on the approved URLs page, but this doesn't appeal to me as much as applying security to the action. thanks Simon 2008/9/4 Patrick R. Michaud <[EMAIL PROTECTED]> > On Wed, Sep 03, 2008 at 10:37:37PM +1300, Simon wrote: > > As a general principle I think all actions should check the normal > mechanism, > > perhaps this is the problem I am having with ?action=approvesites > > As a "general principle" I agree -- but the very phrase > "general principle" implies that there can be exceptions. :-) > > In the case of ?action=approvesites, it always uses the write > permission of the page that will contain the url approvals. > Very little else makes sense. One could, I suppose, want to > add additional restrictions tied to the ?action=approvesites > command, but a person with write permission to the url approvals > page would still be able to change the approved urls without > using ?action=approvesites . > > Pm > -- http://kiwiwiki.co.nz
_______________________________________________ pmwiki-users mailing list [email protected] http://www.pmichaud.com/mailman/listinfo/pmwiki-users
