|
[dokuwiki]
||
[Date Prev]
[07-2007 Date Index]
[Date Next]
||
[Thread Prev]
[07-2007 Thread Index]
[Thread Next]
[dokuwiki] custom user module, bulk group adds
- From: Jason Keltz <jas@xxxxxxxxxxxx>
- To: dokuwiki@xxxxxxxxxxxxx
- Date: Wed, 04 Jul 2007 16:20:23 -0400
Hi.
I'm new to DokuWiki, and I'm having a bit of an
authentication/authorization nightmare that I'm hoping that someone can
help me with.
I need to setup quite a few separate wikis each with a separate admin.
We have around 1000 system accounts with a custom user account back-end.
I would like to allow access to each wiki site that I create to all
system users at our site. Admins on each wiki can then use ACLs to
limit access to the namespaces on their site. Admins can also add
their own custom users (plain auth) to their own site using, the "User
Manager" plugin. So far, so good.
I don't think that I want all 1000 system accounts to show up in the
user manager for two reasons -- first, because it would be too much for
the admins to look through, and second, because it would make it
difficult to find just the "custom" accounts created through the user
manager since they wouldn't be distinguished.
The big problem is groups. I need to have some "global" groups that I
create and distribute to all of the wikis. For example, I need to be
able to create a group "GroupA" which contains users user1, user2, and
user3 no matter what the wiki. The wikis would then have some local
groups -- some comprised of plain auth users, and others from our custom
back-end. Of course if I don't have the system users show up in the
user manager plugin, it's difficult to add them to groups right now if
the admins don't have direct access to the system running the wiki,
which they don't. This also leads to another problem -- the method of
adding users to groups through the user manager plugin would probably
not be appropriate for my application. The admins want to assign users
to groups in bulk. Right now, as far as I can see, the DokuWiki user
manager plugin allows you only to assign "groups" to users, one at a
time which could be annoying if you have a list of users who are
supposed to be in a group, and that list is changing on a regular basis,
and you don't want to have to look through the users one at a time to
see if they need to have the group added to them or not.
I started to think whether I need to change the way that the groups are
configured in my DokuWiki installation. What if, instead of configuring
the groups through the user manager plugin, the admin simply opens up a
page in the "group:*" namespace with the name of the group (eg.
"students"), and then simply adds a bunch of users to this document. By
doing this, the users are added to the group, whether they are a plain
auth user, or a custom auth user. Of course, you restrict the ACL on
group:* so that nobody has any access. Admins would still be able to
modify the files, which is how they add users to groups. Of course my
auth plugin would have to go through all the files in the "group:*"
namespace, looking for the user to determine if they should be added to
a group. (In some sense, this is "kind of" how TWiki deals with
groups). Does this method make any sense?
To start to solve this problem, I created an auth.class.php which
extends plain_auth and has only one function for checkPass. Right now,
it starts by calling $this->getUserData($user) to check on the settings
for each user (email, and groups), and since I don't define a
getUserData() function in my custom auth plugin (yet), it ends up
calling the getUserData from auth_plain, which, of course ends up
denying access to the site since the users are not listed in the
auth.users.php file. My getUserData($user) function in my custom
auth.class.php should check whether the user exists on our system, and
provide the e-mail address, and groups. The issue is that getUserData
just reads the data into an array, and it's not clear to me if I read
this data into an array in my custom auth.class.php whether the array
can still contain the users from auth.users.php (plain.class.php).
Furthermore, since I don't want the system users showing up in the user
manager, is adding them to this array going to make this happen?
Finally, since I want all group data to go into the same place, I guess
I need to modify auth_plain getUserData function to look for groups in
group:* as well? or is there a better way?
I guess it would be ideal if there were a "group" manager plugin much
like the "user manager" plugin that lists all the groups, and lets you
copy and paste as user list, but I guess this isn't easily done.
Anyway, any feedback/suggestions would be appreciated...
Jason.
--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist
|
|
