Tuesday, May 3, 2011, 6:35:11 PM, Sandy wrote: > If it is possible to see and (:include:) file which you don't have > access to, and access was set properly, then it's a bug.
Peter's point was that page specific authorisations always need to be set in the page, via action=attr, or in the groups GroupAttributes page, via action=attr, never via conditionals in config.php. All $DefaultPasswords items should be set in config.php only, and not set with group or page specific conditionals, as these will not have any effect for a page which is included via (:include ...:). But an included page's (access-) attributes will be recognised and honoured. So there is no bug. One just cannot do a shortcut of setting page or group specific access authorisations in config.php or a Page or Group php file. They need to be set in the page. The spread of authorisation settings on multiple pages is unavoidable in PmWiki's security model. AuthList just helps to see it in one place. ~Hans _______________________________________________ pmwiki-users mailing list pmwiki-users@pmichaud.com http://www.pmichaud.com/mailman/listinfo/pmwiki-users