incubator-jspwiki-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Weijian Fang">
Subject Re: ACL filter
Date Wed, 11 Jun 2008 21:48:18 GMT
2008/6/11 Janne Jalkanen <>:
>> This is convenient but causes a problem: any member of staff can edit
>> this ACL (say, by mistake) to break the access control policy.
> That isn't necessarily a bad thing - wikis are based largely on trust.
>> In the preSave method, if the current editor has the special role that
>> allows him to handle ACL, the to-be-saved content is saved directly.
>> Otherwise, any ACL in the to-be-saved content is ignored, and the
>> current (official) ACLs are read from the current version of the page
>> and appended to the to-be-saved content, before it is saved.
> This should work.  It's probably easier to simply reject edits which are
> trying to mess your ACLs; then you don't have to parse/fix things too much.
How to reject edits in the preSave method?



> /Janne

View raw message