Re: [Phpwiki-talk] Re: auth prefs

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Reini Urban wrote:
We just discussed the layout here, but I have no code yet, because of 
the UserAuth problems. See the mainlinglist and the phpwiki pages.

Ok found the discussion and am up to speed.

We decided to put the groupmembers info into simple wikipages as * lines.

Hmmm... I would have gone for DB fields, but then I wasn't paying 
attention... See below.

PagePermission is just another numeric meta_data field "perm", similar 
to "hits" or "pref".

'r' = view
'w' = edit
'x' = ? admin rights ?

Also a new field owner: "owner", with groups "owner.group"? or seperate?
"userid" is the latest author.
for upgrading the owner will be the original userid field.

I would store in seperate "owner" and "group" meta fields, if not in 
fields on the page_tbl table (faster queries).  See below.

Then each action needs a central permission check in main().
For display, save/remove and various other executable plugins.
I would move the basic read/write checks from main() to the WikiDB level.

Then we have to enhance requiredAuthority ($action) to
requiredAuthority ($action, $page),

ok

or make requiredAuthority ($action) a WikiDB method.

For example to disallow the listing of private -r pages in PageList.
or if an admin plugin may change other pages.

Yikes! That's a lot of parsing for an 'a-r g+r' page that isn't owned by 
the user.  It would be a lot easier if group membership was stored in 
the DB:

1)
"SELECT groupname FROM $user_group_tbl WHERE username=$username"

vs.

2)
// Note: functions are just for demo of what is nec. not an actual
// proposal
//  get all the groups
$groups = getGroups();
$membership = array();
foreach($groups as $x){
     // grab/parse group page looking for username
     if(userInGroup($x, $username)){
         $membership[] = $x;
     }
}

In #1 there is one DB call and in #2 there will be 1+N DB calls (where N 
is the number of groups).  #2 is not going to scale up very well.

jbw

** Sorry again Reini...ment to send to whole list.  I am used to just 
Replying (not Reply-Alling) to lists **