Jan Steinman wrote:
I've added a field to mw_user that is membership
type: an enum with
'non-member', 'supporter', 'member', 'director'. Only the
latter two are
allowed to view certain content. I hacked the Security extension to do
that. Pages with <security></security> cause the Security extension to
check the membership type of the current user and display or not
accordingly.
Certainly not 128-bit DES, nor even a full ACL implementation, but
enough to allow members to view each other's personal info (phone,
address, interests, etc.) without letting the whole world in on it.
Would you mind sending me a copy of that extension to try poking some
holes in it?
-- brion vibber (brion @
pobox.com)