incubator-jspwiki-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Schart <p...@goodinassociates.com>
Subject Of Permissions and ACLs
Date Fri, 26 Mar 2010 16:19:52 GMT
I'll try to keep this as brief as possible as I'm fairly sure it has a simple answer. Here's
the situation:

I've got a wiki that has some fairly strict permissions:
1. Nothing is viewable unless asserted or authenticated.
2. Nothing is editable unless user is a member of group "Editors".
3. Non-editors belong to 1 of 3 groups (call them A, B, and C)
4. Some pages are viewable by all 3 groups; others are only viewable to 1 of the 3 groups
(via ACLs, e.g.: [{ALLOW view A}].

What I'd like to do (and what I think is impossible) is to allow members of the "Editors"
group to be able to view/edit anything (regardless of whatever ACL a page might have) but
not have AllPermissions (i.e.: they shouldn't be able to approve new users, delete pages,
etc...).

In my .policy, the Editors group has modify and rename for PagePermissions but I still get
the "You're not allowed to do that" message when trying to view any page with an "ALLOW view
[A|B|C]" ACL.

I *think* that the only way to override page ACLs is to give the group AllPermission in the
.policy.  Is this correct? If so, is there anyway to achieve the "Editors can edit anything
but aren't admins" goal other than adding "Editors" to every view ACL?

Thanks for your help.
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message