incubator-jspwiki-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Jaquith <>
Subject Re: GroupPermission
Date Wed, 30 Sep 2009 21:32:50 GMT
That won't work, because permissions are "unions" of one another,
rather than intersections.

What you are asking for, essentially, is a "negative" permission...
that is, grant all group members of all groups EXCEPT if it's called
"Editors" to edit the group. Or putting it differently, deny
permission to edit group membership when the group name is "Editors."

Negative permissions aren't possible in JSPWiki, nor are they planned.
The work-around would be to grant groupmember edit rights explicitly
only to those groups you want members to be able to edit. That's a
little more tedious, to be sure.

Sorry if this wasn't the answer you were looking for.


On Wed, Sep 30, 2009 at 4:18 PM,  <> wrote:
> Hi,
> I have the following configuration:
> grant principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {
>    permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:*",
> "view";
>    permission com.ecyrd.jspwiki.auth.permissions.GroupPermission
> "*:<groupmember>", "edit";
>    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
> "createGroups";
> };
> The problem is, that I have a group called "Editor" in my wiki where group
> members are not allowed to edit this group, but should be able to edit any
> other group they are member of.
> To handle this situation, I tried to add the following Permission line to
> the grant block above:
> permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:Editor*",
> "view";
> But as you may know, this kind of "code" snippet, didn't solve the problem.
> So what can I do to get things work?!
> If the solution for this problem needs some source code modifications, do
> not hesitate to post some code (I am using JSPWiki 2.8.1) :)
> Best Regards,
> Christoph

View raw message