[dokuwiki] auth update (+re: ACL/group caching) ?
- From: Chris Smith <chris@xxxxxxxxxxxxx>
- To: dokuwiki@xxxxxxxxxxxxx
- Date: Thu, 20 Oct 2005 20:13:03 +0100
Daniel Mitchell wrote:
Is there any way to get dokuwiki to recognise changes to the groups
that a user is in without them logging out and in again? Since we added
restricted access to bits of our wiki, people will create accounts, log
in, but still not be able to get at stuff until I log in to the server
and edit users.auth.php to add them to the relevant groups
Hi,
A very serendipitous note, I have just sent off the auth updates and I
forgot to workout and include that.
Andi how do you do the forced relog? ... I know you forced a userinfo
update in response to another bug/request. I haven't had a chance to
look into this, but I presume its session or cookie related - as during
auth development I was able to stay logged in as an admin even with a
messed users file. :)
I have just sent a patch with the objectified auth mechanism along with
update profile and resend password functions.
Some notes/explanation on what I did.
- I have only properly converted & tested the plain auth functions. I
have basic files for the other three systems, just moving the code into
a class wrapper and adjusting names/paramters to match the new
names/parameters. Since I don't run any of the other systems I can't
test them. If someone who does would like to get in touch to get hold
of the revised files to try them out, please do. Otherwise, I can
package them up and darcs them through to you - untested.
- I have done things so the old and new auth systems can operate side by
side. The new files are named <mechanism>.class.php (e.g.
plain.class.php). auth.php will look for the class file and attempt to
instantiate an auth object, if its successful back-end authorisation
functions will be handled by the auth object. If not it will load the
<mechanism>.php (e.g. mysql.php) file in the normal manner.
- There is a basic.class.php which provides the foundation class. Take
a look at it and plain.class.php to see what's going on. The idea is an
authorisation mechanism should only provide those methods it supports.
There is code in auth.php to check for method/function existence before
attempting to call non-existent methods and to respond appropriately
(generally with the normal negative result). Other parts of Dokuwiki can
query the auth backend via auth_canDo('function name').
- The new "Update Profile" and "Resend Password" actions take
advantage of auth_canDo to check that user modification (modifyUser) is
available and will not be shown on the screen (or attempted) if its not
available.
- The total list of methods is more than in my previous mail. Check
plain.class.php or basic.class.php to see the list. If I have gone OTT
the extras can be removed. The additional methods are mainly concerned
with providing (1) a simple interface for table based auth storage to
manage groups and group memberships - I think attempting to do that
solely through modifyUser would be clumsy and (2) a method for bulk user
retrieval to assist in user management.
- I have taken neolaos User Manager plugin and reworked it to access the
new auth functions. I'll post the plugin details at splitbrain later.
If the wiki is running the objectified auth backend the updated plugin
will provide user management irrespective of the underlying mechanism -
at least as far as those functions the backend supports.
- apart from the expected changes to handle the above, there are:
-- one new $conf setting. 'profileconfirm', require the current password
to accomplish a profile update. Only applies to self updates, not
admins via plugins. I made the default setting 1.
-- slight change to io_deleteFromFile allowing regex patterns to be
passed. If a pattern is specified all lines that match the pattern will
be deleted. Its a little bit of a kludgy change :) but seemed better
than duplicating the function for auth plain. If the change isn't
appropriate I can work something else out.
-- language strings and text files for buttons, prompts, messages etc.
Someone may want to review them.
Cheers,
Chris
--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist
Other related posts: