incubator-jspwiki-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Weijian Fang">
Subject ACL filter
Date Wed, 11 Jun 2008 11:19:07 GMT

We plan to use ACL to control page access. E.g., the following ACLs
say only members of staff group can view and edit the page:
[{ALLOW edit StaffGroup}], where StaffGroup is a wiki group defined to
include all members of staff.

This is convenient but causes a problem: any member of staff can edit
this ACL (say, by mistake) to break the access control policy.
Ideally,  we want though any member of staff can edit this page, but
only some people with a special role can edit the ACL inside the page.

I don't know whether this is possible in JSPWiki 2.6.2 or by some
contributed plugin/filter. (If you know, please tell me! thanks!) So I
propose use a filter to implement this:

In the preSave method, if the current editor has the special role that
allows him to handle ACL, the to-be-saved content is saved directly.
Otherwise, any ACL in the to-be-saved content is ignored, and the
current (official) ACLs are read from the current version of the page
and appended to the to-be-saved content, before it is saved.

Has this done before? Any suggestions or alternatives? Many thanks!




View raw message