TitlePage permissions problems.
Date18-Oct-2007 20:44:00 EEST
JSPWiki version2.4
Idea CategoryUserInterfaceIdea
Idea StatusNewIdea

I've just downloaded and installed the stable version 2.4. (A couple of days ago I guess, say, 10/16/2007.) I've noticed two types of problems with page permissions. First, when creating a new page, the page permissions of the old page don't automatically get transferred to the new page, making it possible for pages that are supposed to be restricted to group to not be--until one comes to one's senses and goes through and adds the permissions to all the new pages! Second, I've noticed that orphaned pages, restricted to group, aren't, allowing folks outside the group to access them from the left hand menu.

I believe the first problem can be replicated by anyone, anywhere. Just add some page permissions to a page--e.g.

[{ALLOW view FMRIGroup}]
[{ALLOW edit FMRIGroup}]
[{ALLOW upload FMRIGroup}]
[{ALLOW delete FMRIGroup}]

and create a new page off of that page. It doesn't have any page permissions specified.

I believe the second problem can be replicated by orphaning a page and then accessing it via one of the left-hand page indexing functions.

Both problems make it a real challenge to keep material within group! :) Other than that I've enjoyed JSPWiki a lot--thanks!

I think what you need is not a wiki - a wiki does not function well if you are trying to limit viewership too much. Typically people just spawn a new wiki for a particular subgroup, if they want to keep it within that group. Having a very large wiki with many groups is just calling for trouble...

-- JanneJalkanen

You're right--I could do that. Maybe I spoke too soon too--I should stare at the code and notes for a bit to see what a group is supposed to be; so far as I can tell, it's a way of restricting access to pages, but maybe I don't have the big picture. The one thing that does seem incongruent to me though is that sometimes when using the Recent Changes page, attachments to pages that are restricted can be seen by users who have not logged in. For instance on my installation (v. 2.4.104), this animated gif http://wiki.phil.cmu.edu/jspwiki/attach/Experiment102407/ngcorrelation.gif can be viewed anonymously while this one http://wiki.phil.cmu.edu/jspwiki/attach/Experiment102407/kmeanscorrelation.gif cannot, and they are attachments to the same page, restricted to group using the above restrictions--i.e.

[{ALLOW view FMRIGroup}]
[{ALLOW edit FMRIGroup}]
[{ALLOW upload FMRIGroup}]
[{ALLOW delete FMRIGroup}]


Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-3) was last changed on 31-Oct-2007 18:15 by