This is version . It is not the current version, and thus it cannot be edited.
[Back to current version]   [Restore this version]

I have two wikis, "open" and "private", the policy file restricts the "private" wiki to "View" only for users with a special role.

First, here is the config for the open wiki:

grant signedBy "jspwiki", 
  principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" {
  
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "open:*", "view";
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "open:*", "edit";
};

On the open wiki I can restrict edit privileges for example by adding this ACL to the frontpage:

[{Allow edit Admin}]

Therefore the ACL "seems" to reduces the privileges, overwriting the privileges granted by PagePermission "open:*", "edit"; This is fine.

Now to the second private wiki where I assume the same behavior, but on a different level: Instead of restricting edit privileges, I now want to restrict view privileges. First, heres the configuration:

grant signedBy "jspwiki", 
  principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "private", "editPreferences";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "private", "editProfile";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "private", "login";
};

grant signedBy "jspwiki",
  principal com.ecyrd.jspwiki.auth.GroupPrincipal "Guest" {
  permission com.ecyrd.jspwiki.auth.permissions.PagePermission "private:*", "view";
};

Now with the same logic that seems to be available for "edit" in an open wiki I am trying to reduce the "view" on a certain page only to admins with the following ACL. This should overwriting the privileges granted by PagePermission "private:*", "view";

[{Allow view Admin}]

However this does not work. Can someone reproduce this issue (latest 2.4 code)?

--ChristophSauer, 2007-30-June


Looks simple (though I didn't test this). In the above example, you restrict to role "Anonymous" - which is automatically removed when you log in, so you're left with Authenticated and Admin (+ whichever groups you belong to). In the lower example you're limiting to Group Guest, which is given to everyone, including people who're logged in.

I think you should also use Role Anonymous in the below example to get it going...

I'm not really sure whether this is a bug or just an artifact of the way the permission system works. Andrew would be more qualified to answer that...

--JanneJalkanen, 30-Jun-2007

What I want here is that in the private wiki you do not get view privileges automatically, even if you are authenticated, you should not be authorized by default. First someone has to assign the Group "Guest" to you. Then as a guest you can view everything (by default). Therefore I don't want the role anonymous to have any rights. So what do you mean by "use Role Anonymous"?

--ChristophSauer, 30-Jun-2007

Add new attachment

Only authorized users are allowed to upload new attachments.

List of attachments

Kind Attachment Name Size Version Date Modified Author Change note
txt
open_private.txt 2.8 kB 1 30-Jun-2007 12:49 ChristophSauer
« This particular version was published on 30-Jun-2007 12:46 by ChristophSauer.