AuthUserCMSLike

Summary: Restricts access to PageActions by role
Version: 1.0
Prerequisites:
Maintainer: BenWilson
Categories: CMS

Question

Some people want to merge the "best features" of UserAuth and AuthUser. Among these is integration with CMSLike. Is it possible to have CMS behavior with AuthUser?

Answer

A site can have CMS-like behavior while using AuthUser without fancy footwork.

Create the CMS menu. PmWiki already comes with a page dedicated to the page actions, Site.PageActions, so all we need to do is adjust this page to allow for role-based options. Here is an example.

(:if ! [ auth admin || authid ] :)
[[{$FullName}?action=login|$[login]]]
(:if [ auth admin || authid ]:)
[[{$FullName}?action=logout|$[logout]]]
(:if auth edit:)
· [[{$FullName}?action=edit|$[edit]]]
· [[{$FullName}?action=diff|$[history]]]
(:if auth admin:)
· [[{$FullName}?action=attr|$[attr]]]
· [[{$SiteGroup}.AuthUser?action=edit|$[users]]]
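
The conditionals above decide only which links are drawn; the auth levels they test are set in local/config.php. The following configuration is an added example, not part of the original recipe, that backs each menu role with an enforced permission. The group names @editors and @admins are assumptions.

```php
<?php if (!defined('PmWiki')) exit();
// local/config.php -- added example, not part of the recipe.
// Assumption: the groups @editors and @admins are defined on the
// wiki's AuthUser page; substitute your own group or id: names.

// Who holds each auth level. The (:if auth edit:) and (:if auth admin:)
// conditionals in Site.PageActions evaluate against these.
$DefaultPasswords['edit']  = '@editors';
$DefaultPasswords['attr']  = '@admins';
$DefaultPasswords['admin'] = '@admins';

// The menu shows "history" only to editors, but ?action=diff is a
// read-level action by default, so a reader who types the URL still
// gets the history. Raise the action to match the menu.
$HandleAuth['diff']   = 'edit';
// ?action=source exposes raw markup at read level as well.
$HandleAuth['source'] = 'edit';

// Enable AuthUser so id: and @group entries are honoured.
include_once("$FarmD/scripts/authuser.php");
```

With these settings a request for ?action=edit on any page name, existing or not, gets the login form instead of the editor.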

Notes

  • This recipe was last tested on PmWiki version: pmwiki-2.2.0-beta68
  • This recipe requires at least PmWiki version: any version with PmWiki.AuthUser

Releases

No releases, just information

Comments

A slightly different approach is to include CmsMenu in Site.SideBar, either by adding the content directly into the SideBar, or by using markup (:include Site.PageActions:). This way the skin template file does not need to be altered. ~HansB

  • PmWiki now provides Site.PageActions, which can be modified in the above mentioned way. BenWilson April 11, 2006, at 04:48 PM

Question (13-Nov-2006, RussFink) - can this recipe prevent the arbitrary creation of new pages? Say you've hidden the edit links from me, but I suspect you're running a wiki and not a real web site. I'm going to try to enter a new page name, and see what happens. Will I see the edit window? If not, will I be prompted to enter a password prior to creating the page? Either way, I still have revealed the wikiness of the page. I am trying to prevent that in order to prevent discovery of the system (footprinting, in other words.) What CMS recipe would help me achieve what I'm trying to do?

If you're presented with a username/password login, does it really matter what kind of engine is running the website? I mean if you can't edit without logging in, then you can't edit without logging in. My website is set up this way; you need a correct username and password to edit the wiki, it doesn't really matter if someone knows that PmWiki is running the site. Security through obscurity is never a good idea. Ian MacGregor

Update 14-Nov-2006 RussFink - added conjunction with either auth admin or authid. Fixes wonky behavior where if you use admin, you don't get the full menus.

See Also

Contributors

  • BenWilson August 23, 2006 -- Updated.
  • BenWilson December 30, 2005 -- Initially Written


Page last modified on June 17, 2007, at 08:24 AM