1.1 --- a/pages/HelpOnMoinForms Thu Feb 07 00:15:43 2013 +0100
1.2 +++ b/pages/HelpOnMoinForms Sat Feb 09 15:55:10 2013 +0100
1.3 @@ -257,7 +257,7 @@
1.4
1.5 Thus, on any page for which a user only has read access, any form will by default be visible but not usable for submitting data.
1.6
1.7 -However, it is possible to override these restrictions by specifying an `access` keyword which defines a different set of permissions that applies to a user when using the form. For example:
1.8 +Since granting write access to a user will also permit them to change the form definition, as discussed below, it is possible to override these restrictions specifically for each form. This is done by specifying an `access` keyword which defines a different set of permissions that applies to a user when using the form. For example:
1.9
1.10 {{{{
1.11 {{{#!form fragment=exampleform5 access='All:write'
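Review bot: the rewritten sentence on the `+` line makes the per-form override read as a consequence of page write access permitting form changes ("Since granting write access ... it is possible to override"), which is the wrong causal direction; the override exists precisely so that page write access need not be granted. Suggest splitting it, e.g. "Granting page write access to a user also permits them to change the form definition, as discussed below. Instead, these restrictions can be overridden for each form by specifying an `access` keyword ...". Also worth a word beside the example: `access='All:write'` grants submission rights to everyone, anonymous users included, so it should be flagged as a demonstration value rather than a recommended one.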
1.12 @@ -269,6 +269,10 @@
1.13
1.14 The `access` keyword supports the conventional [[HelpOnAccessControlLists|ACL]] syntax, and where spaces are present in the specified value, quotes should be placed around the value itself and not the `access` keyword and equals sign as well.
1.15
1.16 +{{{#!wiki important
1.17 +Note that in practice, any user with write access to a page can change the `access` criteria and grant themselves admin access to a form. Therefore, any use of forms where users are not generally to be trusted with the submitted data or the integrity of the form definition should be protected by a page ACL that denies write access to all but privileged users. The general users of the form can then be granted write access to it specifically.
1.18 +}}}
1.19 +
1.20 === Extending the Default Form Handler ===
1.21
1.22 Specific applications will probably need to provide more sophisticated validation and handling of forms than the default action. This is most easily done by writing an action with the following general form:
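Review bot: the important note should state the consequence more directly: whenever the page ACL lets general users write, the `access` keyword provides no protection at all, because those users can simply edit it, so the page ACL is the only real boundary and `access` is meaningful only on pages whose write access is restricted to privileged users. It would also help to close the loop with the previous hunk by stating that the final sentence ("granted write access to it specifically") refers to the form's `access` keyword, not to the page ACL, and that the `access` value should then name only the users or groups intended to submit rather than `All:write`.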