incubator-jspwiki-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Weijian Fang" ...@ecs.soton.ac.uk>
Subject Re: ACL filter
Date Wed, 11 Jun 2008 21:48:18 GMT
2008/6/11 Janne Jalkanen <Janne.Jalkanen@ecyrd.com>:
>> This is convenient but causes a problem: any member of staff can edit
>> this ACL (say, by mistake) to break the access control policy.
>
> That isn't necessarily a bad thing - wikis are based largely on trust.
>
>> In the preSave method, if the current editor has the special role that
>> allows him to handle ACL, the to-be-saved content is saved directly.
>> Otherwise, any ACL in the to-be-saved content is ignored, and the
>> current (official) ACLs are read from the current version of the page
>> and appended to the to-be-saved content, before it is saved.
>
> This should work.  It's probably easier to simply reject edits which are
> trying to mess your ACLs; then you don't have to parse/fix things too much.
>
How to reject edits in the preSave method?

Cheers,

Weijian


> /Janne
>

Mime
View raw message