Re: [pmwiki-users] Limiting Group access via AuthUser groups
Thanks, Petko, seems to work great! -Michael Paulukonis http://www.xradiograph.com http://goog_2112721603Interference Patterns (a blog)http://www.xradiograph.com%5Cinterference @XraysMonaLisa https://twitter.com/XraysMonaLisa http://michaelpaulukonis.com http://www.BestAndroidResources.com Sent from somewhere in the Cloud (hearthrug, by the fender) On Thu, Oct 31, 2013 at 4:57 PM, Petko Yotov 5...@5ko.fr wrote: michael paulukonis writes: Is there a programmatic way to restrict group access? I'm setting up a wiki for others to maintain, who will be creating users and Groups. Each Group should be restricted to one AuthUser group. Ideally, the AuthUser group would have the same name as the Group. This would mean that once a Group is created and users are added to the AuthUser group, no further action would have to be taken by the administrator. However, I haven't figured out how to set Group restrictions without using {Group}.GroupAttributes?**action=attr and manually setting the group. Would it be possible to do something like the following in local/config.php ? // exclude Groups like PmWiki, Main, etc. if ($Group != 'Site') { $DefaultPasswords['read'] = array('@$Group', 'id:admin'); // restrict to group and admin } Something like this may appear to work but it may unexpectedly create read permissions, for example via (:include...:) or via Page(Text)Variables. A user in one Group may use (:include OtherGroup.MainPage:) and see the rendered HTML of that OtherGroup. It is best to enter the user group in the GroupAttributes?action=attr page, or to programmatically create these pages. See the recipe http://www.pmwiki.org/wiki/**Cookbook/AutoGroupPageshttp://www.pmwiki.org/wiki/Cookbook/AutoGroupPages. You can insert inside that function something like: $group = FmtPageName('{$Group}', $pagename); $template = ReadPage('Templates.**GroupAttributes'); $template['passwdread'] = @$group; # or strtolower(@$group); $template['passwdedit'] = @$group; $template['passwdattr'] = @$group; WritePage($group.**GroupAttributes, $template); See also http://www.pmwiki.org/wiki/**PmWiki/EditVariables#**AutoCreatehttp://www.pmwiki.org/wiki/PmWiki/EditVariables#AutoCreatewhich may potentially be of use. Petko __**_ pmwiki-users mailing list pmwiki-users@pmichaud.com http://www.pmichaud.com/**mailman/listinfo/pmwiki-usershttp://www.pmichaud.com/mailman/listinfo/pmwiki-users ___ pmwiki-users mailing list pmwiki-users@pmichaud.com http://www.pmichaud.com/mailman/listinfo/pmwiki-users
Re: [pmwiki-users] Limiting Group access via AuthUser groups
michael paulukonis writes: Is there a programmatic way to restrict group access? I'm setting up a wiki for others to maintain, who will be creating users and Groups. Each Group should be restricted to one AuthUser group. Ideally, the AuthUser group would have the same name as the Group. This would mean that once a Group is created and users are added to the AuthUser group, no further action would have to be taken by the administrator. However, I haven't figured out how to set Group restrictions without using {Group}.GroupAttributes?action=attr and manually setting the group. Would it be possible to do something like the following in local/config.php ? // exclude Groups like PmWiki, Main, etc. if ($Group != 'Site') { $DefaultPasswords['read'] = array('@$Group', 'id:admin'); // restrict to group and admin } Something like this may appear to work but it may unexpectedly create read permissions, for example via (:include...:) or via Page(Text)Variables. A user in one Group may use (:include OtherGroup.MainPage:) and see the rendered HTML of that OtherGroup. It is best to enter the user group in the GroupAttributes?action=attr page, or to programmatically create these pages. See the recipe http://www.pmwiki.org/wiki/Cookbook/AutoGroupPages . You can insert inside that function something like: $group = FmtPageName('{$Group}', $pagename); $template = ReadPage('Templates.GroupAttributes'); $template['passwdread'] = @$group; # or strtolower(@$group); $template['passwdedit'] = @$group; $template['passwdattr'] = @$group; WritePage($group.GroupAttributes, $template); See also http://www.pmwiki.org/wiki/PmWiki/EditVariables#AutoCreate which may potentially be of use. Petko ___ pmwiki-users mailing list pmwiki-users@pmichaud.com http://www.pmichaud.com/mailman/listinfo/pmwiki-users
[pmwiki-users] Limiting Group access via AuthUser groups
[since the two words are identical, I will be using an uppercase Group to refer to PmWiki Groups of pages, and use a lowercase group to refer to AuthUser groups of users] Is there a programmatic way to restrict group access? I'm setting up a wiki for others to maintain, who will be creating users and Groups. Each Group should be restricted to one AuthUser group. Ideally, the AuthUser group would have the same name as the Group. This would mean that once a Group is created and users are added to the AuthUser group, no further action would have to be taken by the administrator. However, I haven't figured out how to set Group restrictions without using {Group}.GroupAttributes?action=attr and manually setting the group. Would it be possible to do something like the following in local/config.php ? // exclude Groups like PmWiki, Main, etc. if ($Group != 'Site') { $DefaultPasswords['read'] = array('@$Group', 'id:admin'); // restrict to group and admin } I believe I tried the above and it didn't work (I'm away from my dev machine right now). If something like this is possible, could it easily be extended to add additional users or groups via GroupAttributes without modifying config.php? -Michael Paulukonis http://www.xradiograph.com http://goog_2112721603Interference Patterns (a blog)http://www.xradiograph.com%5Cinterference @XraysMonaLisa https://twitter.com/XraysMonaLisa http://michaelpaulukonis.com http://www.BestAndroidResources.com Sent from somewhere in the Cloud (hearthrug, by the fender) ___ pmwiki-users mailing list pmwiki-users@pmichaud.com http://www.pmichaud.com/mailman/listinfo/pmwiki-users
Re: [pmwiki-users] Limiting Group access via AuthUser groups
On Oct 30, 2013, at 8:23 AM, michael paulukonis xraysmalev...@gmail.com wrote: [since the two words are identical, I will be using an uppercase Group to refer to PmWiki Groups of pages, and use a lowercase group to refer to AuthUser groups of users] Is there a programmatic way to restrict group access? I'm setting up a wiki for others to maintain, who will be creating users and Groups. Each Group should be restricted to one AuthUser group. Ideally, the AuthUser group would have the same name as the Group. This would mean that once a Group is created and users are added to the AuthUser group, no further action would have to be taken by the administrator. However, I haven't figured out how to set Group restrictions without using {Group}.GroupAttributes?action=attr and manually setting the group. Would it be possible to do something like the following in local/config.php ? // exclude Groups like PmWiki, Main, etc. if ($Group != 'Site') { $DefaultPasswords['read'] = array('@$Group', 'id:admin'); // restrict to group and admin } I believe I tried the above and it didn't work (I'm away from my dev machine right now). If something like this is possible, could it easily be extended to add additional users or groups via GroupAttributes without modifying config.php? -Michael Paulukonis Not really sure if this is an answer, and I’ve not even tried this, but: // exclude Groups like PmWiki, Main, etc. if ( ! in_array($Group, array($SiteGroup, $SiteAdminGroup, 'PmWiki', $DefaultGroup ) { $group = strtolower($Group); // to refer to AuthUser group associated with PmWiki Group? $DefaultPasswords['read'] = array(@$group, 'id:admin'); // restrict to group and admin. Interpolate? } I think you’ll want the AuthUser group here, so down case the PmWIki Group. Also, I think you want that interpolated immediately in the assignment for DefaultPasswords, no? Also, the in_array thingie for checking might be a touch more robust using the variables… Again, just off the cuff, not tried it. ___ pmwiki-users mailing list pmwiki-users@pmichaud.com http://www.pmichaud.com/mailman/listinfo/pmwiki-users
Re: [pmwiki-users] Limiting Group access via AuthUser groups
Thanks, Tamara. Something is happening well beyond my php-fu (which is so low I don't even have a belt). The negative case is ALWAYS true. Even, say in the Main or PmWiki groups. I've dumped the array and variables to the page to check -- and it sure looks to _me_ like the $Group should be found in the array, but PHP is telling me it ain't so. ??? -Michael Paulukonis http://www.xradiograph.com http://goog_2112721603Interference Patterns (a blog)http://www.xradiograph.com%5Cinterference @XraysMonaLisa https://twitter.com/XraysMonaLisa http://michaelpaulukonis.com http://www.BestAndroidResources.com Sent from somewhere in the Cloud (hearthrug, by the fender) On Wed, Oct 30, 2013 at 8:52 PM, Tamara Temple tamouse.li...@gmail.comwrote: On Oct 30, 2013, at 8:23 AM, michael paulukonis xraysmalev...@gmail.com wrote: [since the two words are identical, I will be using an uppercase Group to refer to PmWiki Groups of pages, and use a lowercase group to refer to AuthUser groups of users] Is there a programmatic way to restrict group access? I'm setting up a wiki for others to maintain, who will be creating users and Groups. Each Group should be restricted to one AuthUser group. Ideally, the AuthUser group would have the same name as the Group. This would mean that once a Group is created and users are added to the AuthUser group, no further action would have to be taken by the administrator. However, I haven't figured out how to set Group restrictions without using {Group}.GroupAttributes?action=attr and manually setting the group. Would it be possible to do something like the following in local/config.php ? // exclude Groups like PmWiki, Main, etc. if ($Group != 'Site') { $DefaultPasswords['read'] = array('@$Group', 'id:admin'); // restrict to group and admin } I believe I tried the above and it didn't work (I'm away from my dev machine right now). If something like this is possible, could it easily be extended to add additional users or groups via GroupAttributes without modifying config.php? -Michael Paulukonis Not really sure if this is an answer, and I’ve not even tried this, but: // exclude Groups like PmWiki, Main, etc. if ( ! in_array($Group, array($SiteGroup, $SiteAdminGroup, 'PmWiki', $DefaultGroup ) { $group = strtolower($Group); // to refer to AuthUser group associated with PmWiki Group? $DefaultPasswords['read'] = array(@$group, 'id:admin'); // restrict to group and admin. Interpolate? } I think you’ll want the AuthUser group here, so down case the PmWIki Group. Also, I think you want that interpolated immediately in the assignment for DefaultPasswords, no? Also, the in_array thingie for checking might be a touch more robust using the variables… Again, just off the cuff, not tried it. ___ pmwiki-users mailing list pmwiki-users@pmichaud.com http://www.pmichaud.com/mailman/listinfo/pmwiki-users
Re: [pmwiki-users] Limiting Group access via AuthUser groups
somehow, $Group is not the same as $DefaultGroup, even when both hold the string Main -Michael Paulukonis http://www.xradiograph.com http://goog_2112721603Interference Patterns (a blog)http://www.xradiograph.com%5Cinterference @XraysMonaLisa https://twitter.com/XraysMonaLisa http://michaelpaulukonis.com http://www.BestAndroidResources.com Sent from somewhere in the Cloud (hearthrug, by the fender) On Wed, Oct 30, 2013 at 11:33 PM, michael paulukonis xraysmalev...@gmail.com wrote: Thanks, Tamara. Something is happening well beyond my php-fu (which is so low I don't even have a belt). The negative case is ALWAYS true. Even, say in the Main or PmWiki groups. I've dumped the array and variables to the page to check -- and it sure looks to _me_ like the $Group should be found in the array, but PHP is telling me it ain't so. ??? -Michael Paulukonis http://www.xradiograph.com http://goog_2112721603Interference Patterns (a blog)http://www.xradiograph.com%5Cinterference @XraysMonaLisa https://twitter.com/XraysMonaLisa http://michaelpaulukonis.com http://www.BestAndroidResources.com Sent from somewhere in the Cloud (hearthrug, by the fender) On Wed, Oct 30, 2013 at 8:52 PM, Tamara Temple tamouse.li...@gmail.comwrote: On Oct 30, 2013, at 8:23 AM, michael paulukonis xraysmalev...@gmail.com wrote: [since the two words are identical, I will be using an uppercase Group to refer to PmWiki Groups of pages, and use a lowercase group to refer to AuthUser groups of users] Is there a programmatic way to restrict group access? I'm setting up a wiki for others to maintain, who will be creating users and Groups. Each Group should be restricted to one AuthUser group. Ideally, the AuthUser group would have the same name as the Group. This would mean that once a Group is created and users are added to the AuthUser group, no further action would have to be taken by the administrator. However, I haven't figured out how to set Group restrictions without using {Group}.GroupAttributes?action=attr and manually setting the group. Would it be possible to do something like the following in local/config.php ? // exclude Groups like PmWiki, Main, etc. if ($Group != 'Site') { $DefaultPasswords['read'] = array('@$Group', 'id:admin'); // restrict to group and admin } I believe I tried the above and it didn't work (I'm away from my dev machine right now). If something like this is possible, could it easily be extended to add additional users or groups via GroupAttributes without modifying config.php? -Michael Paulukonis Not really sure if this is an answer, and I’ve not even tried this, but: // exclude Groups like PmWiki, Main, etc. if ( ! in_array($Group, array($SiteGroup, $SiteAdminGroup, 'PmWiki', $DefaultGroup ) { $group = strtolower($Group); // to refer to AuthUser group associated with PmWiki Group? $DefaultPasswords['read'] = array(@$group, 'id:admin'); // restrict to group and admin. Interpolate? } I think you’ll want the AuthUser group here, so down case the PmWIki Group. Also, I think you want that interpolated immediately in the assignment for DefaultPasswords, no? Also, the in_array thingie for checking might be a touch more robust using the variables… Again, just off the cuff, not tried it. ___ pmwiki-users mailing list pmwiki-users@pmichaud.com http://www.pmichaud.com/mailman/listinfo/pmwiki-users