This is version . It is not the current version, and thus it cannot be edited.
[Back to current version]   [Restore this version]

I have two wikis, "open" and "private", the policy file restricts the "private" wiki to "View" only for users with a special role.

First, here is the config for the open wiki:

grant signedBy "jspwiki", 
  principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" {
  
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "open:*", "view";
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "open:*", "edit";
};

On the open wiki I can restrict edit privileges for example by adding this ACL to the frontpage:

[{Allow edit Admin}]

Therefore the ACL "seems" to reduces the privileges, overwriting the privileges granted by PagePermission "open:*", "edit"; This is fine.

Now to the second private wiki where I assume the same behavior, but on a different level: Instead of restricting edit privileges, I now want to restrict view privileges. First, heres the configuration:

grant signedBy "jspwiki", 
  principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "private", "editPreferences";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "private", "editProfile";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "private", "login";
};

grant signedBy "jspwiki",
  principal com.ecyrd.jspwiki.auth.GroupPrincipal "Guest" {
  permission com.ecyrd.jspwiki.auth.permissions.PagePermission "private:*", "view";
};

Now with the same logic that seems to be available for "edit" in an open wiki I am trying to reduce the "view" on a certain page only to admins with the following ACL. This should overwriting the privileges granted by PagePermission "private:*", "view";

[{Allow view Admin}]

However this does not work. Can someone reproduce this issue (latest 2.4 code)?

--ChristophSauer, 2007-30-June


Looks simple (though I didn't test this). In the above example, you restrict to role "Anonymous" - which is automatically removed when you log in, so you're left with Authenticated and Admin (+ whichever groups you belong to). In the lower example you're limiting to Group Guest, which is given to everyone, including people who're logged in.

I think you should also use Role Anonymous in the below example to get it going...

I'm not really sure whether this is a bug or just an artifact of the way the permission system works. Andrew would be more qualified to answer that...

--JanneJalkanen, 30-Jun-2007

Add new attachment

Only authorized users are allowed to upload new attachments.

List of attachments

Kind Attachment Name Size Version Date Modified Author Change note
txt
open_private.txt 2.8 kB 1 30-Jun-2007 12:49 ChristophSauer
« This particular version was published on 30-Jun-2007 11:09 by JanneJalkanen.