incubator-jspwiki-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Jaquith <andrew.r.jaqu...@gmail.com>
Subject Re: edit PagePermission implies createPages WikiPermission?
Date Thu, 14 Jan 2010 15:44:47 GMT
Weijin --

Your understanding is correct: users who have the "edit"
PagePermission, but hot the "createPages" WikiPermission, should not
be allowed to create new pages.

The "edit" PagePermission should not imply the "createPages"
WikiPermission. The Java code for the two classes doesn't show that
there is any relationship between the two. If that is actually
happening, then it is a bug.

Could you verify this behavior with a completely stripped down
security policy? (i.e., remove all commented out permissions, etc)?

Andrew

On Thu, Jan 14, 2010 at 10:34 AM, Weijian Fang <wf@ecs.soton.ac.uk> wrote:
> Hi,
>
> In my jspwiki 2.6.2 isntallation, if I give the "edit" PagePermission
> to somebody, e.g. Authenticated users,  but not the "createPages"
> WikiPermission, my understanding is the users should be able to edit
> existing pages but not create new pages.
>
> grant
>  principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {
>    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "view";
>    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "edit";
>    permission com.ecyrd.jspwiki.auth.permissions.PagePermission
> "*:*", "upload";
> //    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission
> "*", "createPages";
> };
>
> However, my authenticated users also get the permission to create
> pages. In my experiments, the "upload" PagePermission does not imply
> "createPages", but "edit" does.
>
> Have anyone seen this before? Where did I do wrong? Many thanks.
>
> Weijian
>

Mime
View raw message