On Sun, May 17, 2009 at 9:21 PM, Tom <[email protected]> wrote:

> Tom wrote:
>
>> Peter Bowers wrote:
>>
> Short comment:
>
> The error situation has been fixed, but I have another one (which is the
> REAL problem in this case):
>
> 1) The user has got his access set to "read":
>   $idinfo[3] = 'read'
>   $idinfo[1] = user ident
>
>   $DefaultPasswords[$idinfo[3]] = "id:" . $idinfo[1];
>   (which should be "translated" to:
>   $DefaultPasswords['read'] = 'id:<user ident>').
>
> 2) But I am still able to both change pages and store pages when logged in
> as this user (ident).
>
> How come?
>

Have you explicitly set $DefaultPasswords['edit'] to something else?  If no
edit password has been set then that tells pmwiki to allow edits without
authorization.  Since you have a read password it would "cascade" to the
edit password, but your person is already authenticated and so it doesn't
limit anything.

$DefaultPasswords[$idinfo[3]] = "id:" . $idinfo[1];
if ($idinfo[3] != 'edit' && $idinfo[3] != 'admin')
   $DefaultPasswords['edit'] = crypt('something-unlikely-to-be-discovered');

That may do what you want.

-Peter
_______________________________________________
pmwiki-users mailing list
[email protected]
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
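
Added example, not part of the original messages and not PmWiki's own code: one way to set every level explicitly so that no unset level is left open, generalizing the reply's snippet beyond 'edit'. The helper name, the level ordering and the sample $idinfo values are assumptions, and it uses PmWiki's '@lock' password value in place of a crypt()'d throwaway string.

```php
<?php
// Hypothetical helper for local/config.php (not a PmWiki function).
// Assumed ordering of non-admin levels, weakest first.
const LOCKABLE_LEVELS = ['read', 'edit', 'upload', 'attr'];

function passwords_for_level(string $granted, string $ident): array
{
    // As in the reply's snippet, an admin grant only sets the admin entry.
    if ($granted === 'admin') {
        return ['admin' => 'id:' . $ident];
    }

    $rank = array_search($granted, LOCKABLE_LEVELS, true);
    if ($rank === false) {
        // Unknown level string: fail closed, lock every non-admin level.
        return array_fill_keys(LOCKABLE_LEVELS, '@lock');
    }

    $out = [];
    foreach (LOCKABLE_LEVELS as $i => $level) {
        // Levels up to the granted one accept this user id;
        // every higher level is set explicitly so it is never left empty.
        $out[$level] = ($i <= $rank) ? 'id:' . $ident : '@lock';
    }
    return $out;
}

// Constructed sample standing in for the poster's $idinfo array.
$idinfo = [1 => 'alice', 3 => 'read'];

// In config.php $DefaultPasswords already exists; default it here so the
// snippet also runs on its own.
$DefaultPasswords = $DefaultPasswords ?? [];
$DefaultPasswords = array_merge(
    $DefaultPasswords,
    passwords_for_level($idinfo[3], $idinfo[1])
);
```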
