Closed hokkaidoperson closed 5 years ago
That sounds reasonable. I assume that the reasoning of the original author was that the user is in fact creating a new page and therefore needs create permission. I think the best way to handle this is to give the admin a choice as to whether to use CREATE or READ. But in the meantime you can make the change you want at line 151. If you are familiar enough with syntax plugins and can create a pull request which does this, that would be great.
I've done the above myself. It is temporarily in a separate new branch: https://github.com/turnermm/newpagetemplate/archive/acl.zip Please install it and try it out. Thanks.
Thank you, I'll use it.
In my wiki, the root namespace is set to the ACL 'read', and specific namespaces (such as 'a:' and 's:') are 'upload'. In this case, the template page is in the root namespace (that doesn't allow users to create pages), and users make pages in the namespaces 'a', 's', etc. with the template.
Hello
When I used this plugin at first, I saw the error "You do not have access to the template …" (while logging out from the superuser account) Then I found that this is because the ACL of the template was 'read' (I don't want to allow users to change the template) and the required permission was 'create' (Line 151 of action.php) I think that the permission check might be enough with 'AUTH_READ.'
Could you cope with it? (Tell me if there is a security risk I'm overlooking.)