00538: Option to edit protect Profile Page to Author only

Summary: Option to edit protect Profile Page to Author only
Created: 2005-09-21 16:36
Status: Closed - Cookbook:Edit-RestrictedProfile recipe
Category: Feature
From: Isidor
Assigned:
Priority: 5544
Version: 2.0.6
OS: NA

Description: Hi

I would suggest to add an option to limit edit capabilities to author only.

This feature require author to be login/password controlled

Isidor


It also means that we have to have some way of knowing which pages belong to which authors, which we don't have at present. (Note that "authentication id" is not always the same as "author" in a PmWiki environment.)

The standard approach is for the author of the profile page to simply password-protect the page, using either a password or "id:username".

--Pm


Agreed, in fact on our implementation we've linked "author" and "auth id" without possibility for the user to make a modifiaction (because we have 17K users) this cennot be a standard ;-)

By the way, to password protect their own profile page, author must have autorisation to change password, wich is not standard to. --Isidor


Isn't it possible to have an group-wide id:profile for example which makes for each page in this group: $authid =$Name?

--kt007


Here's a hack that seems to work for me. I am enforcing that all editors must be logged in, and that the $Author is set using $AuthId (and cannot be changed in the edit form). Under these conditions, I just create a group-specific configuration local/Profiles.php:

  <?php
  $DefaultPasswords['edit'] = 'id:'. substr(strrchr($pagename, '.'), 1);

so the 'edit' password for the page Profiles.ChrisLeague is automatically set to 'id:ChrisLeague'.

-- Chris League? June 20, 2006, at 03:28 PM


Here's another hack. Try this local/Profiles.php script:

<?php if (!defined('PmWiki')) exit();
## Author's name must match the page name in order to edit.
if ($action == 'edit' && ! CondAuth(@$pagename, 'admin')) {
  @include_once($FarmD.'/scripts/author.php');
  if ($Author && $Author != @PageVar($pagename, '$Name')) {
    $action='browse'; }
}

Some drawbacks have been reported by Noskule on the pmwiki-users list. There's no feedback when someone tries to edit a page and (:if auth edit:) is true on every Profiles page. Changing $action='browse' to $action='login' partially solves the feedback problem.

Maybe an improvement would be to replace

$action='browse'; }

with

redirect('Profiles.EditAccessDenied'); }

where Profiles.EditAccessDenied contains a message explaining what happened.

--Hagan


Hi Hagan I think that's could be the way to close this PITS and make a simple cookbook receipt, do you agree? --Isidor

I think so... Done, at least partially. --Hagan
(Thanks for correcting the recipe name, Simon.)