From: Reini U. <ru...@x-...> - 2002-08-17 11:29:14
|
Just a note that I'm just testing some userauth code I've written. * unix like filesystem permissions per page, * a user and group table, * authentification via HTTP_AUTH (let apache mod_auth_* handle it), a new user table (maybe from a seperate db, like a radius), or via external auth (currently LDAP and IMAP). Each page permission defaults to 766. The executable bit (7) should allow/disallow some active plugins, like EmailNotification. There's a owner (creator), groupmember and world. There's no directory like permission hierarchy (yet). the mysql schema: CREATE TABLE user ( userid int(10) unsigned NOT NULL auto_increment, username char(16) binary NOT NULL default '', password char(16) binary NOT NULL default '', PRIMARY KEY (userid) ) TYPE=MyISAM; INSERT INTO user VALUES (1, 'ReiniUrban', 'somecryptedpassword'); CREATE TABLE member ( memberid int(10) unsigned NOT NULL auto_increment, userid int(10) unsigned NOT NULL default '0', name char(16) NOT NULL default '', PRIMARY KEY (memberid), KEY userid (userid) ) TYPE=MyISAM; INSERT INTO member VALUES (1, 1, 'admin'); CREATE TABLE permissions ( pageid int(11) unsigned NOT NULL default '0', userid int(11) unsigned NOT NULL default '0', memberid int(11) unsigned default NULL, permission int(11) unsigned NOT NULL default '776', PRIMARY KEY (pageid), KEY userid (userid), KEY memberid (memberid) ) TYPE=MyISAM; But maybe we should define a flag for each allowed action? (remove, rename, edit, zipdump, ...) I'm for simplicity here. When it's ready I'll commit it then, together with the "/" SubPages and ImageLinks. PS: Some year ago I wanted to put this page meta information (permissions, ...) into some kind of page header (mbox format), and the user and group table into simple only admin-readable pages. For now just this. The DB backends are probably heavy to write, compared to the page extraction changes for the mbox format, but it should be quite simple for the complicated DB backends (DBA). The users and member doesn't really need names and id's. hmm. Jeff Dairiki schrieb: > I suspect what you want can be done with (as you suggest) > just a few lines of changes. > > Here's a basic outline of what you need to do (I think): > > 1. In lib/WikiUser.php, you need to modify the WikiUser::_pwcheck() > so that it returns WIKIAUTH_USER when a given a valid > regular username, password pair. > > 2. In main.php, you need to modify WikiRequest::requiredAuthority() > so that it returns WIKIAUTH_USER for action 'edit' (currently > it returns either WIKIAUTH_ANON or WIKIAUTH_BOGO depending > on the setting of REQUIRE_SIGNIN_BEFORE_EDIT.) > > Both are simple changes. > > I think that should do it, but I haven't tested it. > If that's not enough help, let me know and I'll try to put > together a set of patches. I won't have time to do that > until sometime next week though... -- Reini Urban http://xarch.tu-graz.ac.at/home/rurban/ |