On Mar 31, 2011, at 6:05 PM, Randy Brown wrote:

> If you are simply trying to hide a link that won't work anyway for a user, a 
> conditional test is fine. But if your goal is security, you need to set the 
> page's permissions appropriately.
> 
> If a page has read permission authorized for all, all users will be able to 
> read it even if they don't see the link in your sidebar. For example if 
> UnauthorizedUser guesses the page name, or does a search for pages and it 
> appears in the list, or looks at the All Recent Changes page and sees the 
> link, he or she will find and read the page whose sidebar link you are 
> hiding. 
> 
> Similarly, if you make content on a page display only for authorized users 
> via a conditional like (:if authgroup xxx:), users who have permission for 
> action=source will be able to extract the lines you are trying to hide. To 
> repeat: the only secure way to block read access to a page is through setting 
> the page's read permission appropriately. 
> 
> Randy
> 
> On Mar 31, 2011, at 3:01 PM, Robert Matthews wrote:
> 
>> Yes, this is basically what I want to do... can you show me a line of
>> code that I can insert into config.php to check which AD group a user
>> belongs to?
> 
IIUC, what RM wants is how to detect AD groups in config.php.  This will depend 
on his setup.  For us, in config.php we have:
 if (TestGroupMembership($user,"colloquium"))
        { $AuthList["@Colloquium"]=1;
          $Colloquium=1;
        }
for example for the colloquium group.

The php function TestGroupMembership looks like:
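function TestGroupMembership($username,$group)
{
  $debug=0;
  // Quote both values so the shell passes each one to dseditgroup as a single literal argument
  $command="dseditgroup -o checkmember -m ".escapeshellarg($username)." ".escapeshellarg($group)."|cut -d\  -f 1";
  $status=exec($command);
  if( $debug) echo "Status = $status\n";

  // cut keeps the first word of the output; "yes" means the user is a member
  $membership=$status=="yes";
  if($debug)echo $membership;
  return ($membership);
}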

The dseditgroup seems to be an ldap command, but somehow you have to read the 
OD information.  
Good Luck.
   Vince


_______________________________________________
pmwiki-users mailing list
[email protected]
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
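
An added example, not part of Vince's message or of PmWiki: a fail-closed variant of the group check above, for use from config.php. GROUP_MAP, the name pattern and the helper names are assumptions; the only output format relied on is the leading "yes" that the posted function tests for.

```php
<?php
// Added example; the names below are illustrative, not PmWiki or site code.

// Directory group => PmWiki auth group (only "colloquium" comes from the thread).
const GROUP_MAP = ['colloquium' => '@Colloquium'];

// Assumed naming policy: short names of letters, digits, dot, dash, underscore.
function isPlainName($name): bool
{
    return is_string($name) && preg_match('/\A[A-Za-z0-9._-]{1,64}\z/', $name) === 1;
}

// True only when the first word of the tool's first output line is "yes".
function parseCheckmember(array $lines): bool
{
    $first = strtok(trim($lines[0] ?? ''), " \t");
    return $first === 'yes';
}

// Fail closed: bad names, a failed exec() or any other answer mean "not a member".
function isMember($user, $group): bool
{
    if (!isPlainName($user) || !isPlainName($group)) {
        return false;
    }
    $cmd = 'dseditgroup -o checkmember -m '
         . escapeshellarg($user) . ' ' . escapeshellarg($group) . ' 2>/dev/null';
    $lines = [];
    if (exec($cmd, $lines) === false) {
        return false;
    }
    return parseCheckmember($lines);
}

// Returns the $AuthList entries to set for this user (empty when nothing matches).
function authGroupsFor($user): array
{
    $granted = [];
    foreach (GROUP_MAP as $dirGroup => $wikiGroup) {
        if (isMember($user, $dirGroup)) {
            $granted[$wikiGroup] = 1;
        }
    }
    return $granted;
}

// Constructed inputs: the parser and validator run without a directory server.
var_dump(parseCheckmember(['yes alice is a member of colloquium']), parseCheckmember([]));
var_dump(isPlainName('alice'), isPlainName('alice colloquium'));
```

In config.php the array returned by authGroupsFor($user) would be merged into $AuthList. The membership check only protects a page whose read permission names the group, as Randy's message explains.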
