Add new attachment

Only authorized users are allowed to upload new attachments.

This page (revision-7) was last changed on 28-Apr-2006 10:58 by Jérôme Duprez  

This page was created on 26-Apr-2006 18:05 by 195.25.133.175

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Difference between version and

At line 1 added 5 lines
Forget about me, this is indeed not a bug, but instead a wrong setting from my part... stupid me!
I leave the description here in case someone has the same issue and stumbles
on this poage when searching for support...
At line 7 changed one line
|[Bug status]|NewBug
|[Bug status]|NotABug
At line 16 changed one line
However anonymous users can indeed not view any page. They have to login first, then everything works as expected, as far as I could test.
It all works as expected until an authenticated user logs out (and its status falls back to ''asserted''). Then the user cannot view any page, he has to login again.
At line 29 changed 2 lines
//permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editPreferences";
//permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editProfile";
permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editPreferences";
permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editProfile";
At line 34 changed one line
// (...) Asserted role omitted, same settings indeed
// Asserted role: the erreor is here: I simply commented out the "edit" permission,
// and forgot to add a "view" one!
grant signedBy "jspwiki"
principal com.ecyrd.jspwiki.auth.authorize.Role "Asserted" {
//permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "edit";
permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:Guest*", "edit";
//permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages";
permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editPreferences";
permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editProfile";
permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "login";
};
At line 36 removed one line
// Authenticated users:
At line 52 added one line
// Authenticated users:
At line 49 changed one line
Here are the traces from {{jspwiki.log}}:
I should have understood it from the logs, where we clearly see that the user name is still recognized (so the user is not ''anonymous'').
At line 74 added 12 lines
----
Hi --
Thanks for posting this. Looks like you found out what the issue is, namely that you didn't include ''view'' permission in the 'asserted' block in the policy file. So yes, it will want to redirect you to the login page after logout, because the user status falls back to 'asserted'.
Another person posted a bug request asking us to change the default behavior of the logout process so that it removes the assertion cookie also. That would cause the user's status to fall back to 'Anonymous'. It's a good idea, and your example gives me another reason why.
Also -- I think what I will do in the next revision of the default {{jspwiki.policy}} file is add a standard block for 'All' users. That will make the grant blocks for the other roles more compact.
--Andrew Jaquith, 28-Apr-2006
Version Date Modified Size Author Changes ... Change note
7 28-Apr-2006 10:58 5.811 kB Jérôme Duprez to previous
6 28-Apr-2006 07:45 5.79 kB Andrew Jaquith to previous | to last
5 27-Apr-2006 11:48 4.997 kB Jérôme Duprez to previous | to last
4 27-Apr-2006 11:45 4.863 kB Jérôme Duprez to previous | to last
3 27-Apr-2006 11:40 4.467 kB Jérôme Duprez to previous | to last
2 26-Apr-2006 18:12 3.973 kB Jerome Duprez to previous | to last
1 26-Apr-2006 18:05 3.88 kB 195.25.133.175 to last
« This page (revision-7) was last changed on 28-Apr-2006 10:58 by Jérôme Duprez