Jan Steinman wrote:
> I've added a field to mw_user that is membership type: an enum with 'non-member', 'supporter', 'member', 'director'. Only the latter two are allowed to view certain content. I hacked the Security extension to do that. Pages with <security></security> cause the Security extension to check the membership type of the current user and display or not accordingly.
> Certainly not 128-bit DES, nor even a full ACL implementation, but enough to allow members to view each other's personal info (phone, address, interests, etc.) without letting the whole world in on it.
Would you mind sending me a copy of that extension to try poking some holes in it?
-- brion vibber (brion @ pobox.com)