00538: Option to edit protect Profile Page to Author only
Description: Hi
I would suggest to add an option to limit edit capabilities to author only.
This feature require author to be login/password controlled
It also means that we have to have some way of knowing which pages belong to which authors, which we don't have at present. (Note that "authentication id" is not always the same as "author" in a PmWiki environment.)
The standard approach is for the author of the profile page to simply password-protect the page, using either a password or "id:username".
--Pm
Agreed, in fact on our implementation we've linked "author" and "auth id" without possibility for the user to make a modifiaction (because we have 17K users) this cennot be a standard ;-)
By the way, to password protect their own profile page, author must have autorisation to change password, wich is not standard to. --Isidor
Isn't it possible to have an group-wide id:profile for example which makes for each page in this group: $authid =$Name?
--kt007
Here's a hack that seems to work for me. I am enforcing that all editors must be logged in, and that the $Author
is set using $AuthId
(and cannot be changed in the edit form). Under these conditions, I just create a group-specific configuration local/Profiles.php
:
<?php $DefaultPasswords['edit'] = 'id:'. substr(strrchr($pagename, '.'), 1);
so the 'edit'
password for the page Profiles.ChrisLeague
is automatically set to 'id:ChrisLeague'
.
-- Chris League? June 20, 2006, at 03:28 PM
Here's another hack. Try this local/Profiles.php
script:
<?php if (!defined('PmWiki')) exit(); ## Author's name must match the page name in order to edit. if ($action == 'edit' && ! CondAuth(@$pagename, 'admin')) { @include_once($FarmD.'/scripts/author.php'); if ($Author && $Author != @PageVar($pagename, '$Name')) { $action='browse'; } }
Some drawbacks have been reported by Noskule on the pmwiki-users list.
There's no feedback when someone tries to edit a page and (:if auth edit:)
is true on every Profiles page.
Changing $action='browse'
to $action='login'
partially solves the feedback problem.
Maybe an improvement would be to replace
$action='browse'; }
with
redirect('Profiles.EditAccessDenied'); }
where Profiles.EditAccessDenied contains a message explaining what happened.
--Hagan
Hi Hagan I think that's could be the way to close this PITS and make a simple cookbook receipt, do you agree? --Isidor