incubator-jspwiki-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Jaquith <>
Subject Re: Of Permissions and ACLs
Date Fri, 26 Mar 2010 16:59:03 GMT
Peter, your understanding is correct. To accomplish what you want,
you'd need to edit the ACLs of the protected pages to include the
Editors. Or, as you pointed out, you can give the Editors the

You can see why it is this way, right? Otherwise, ACLs would
essentially be meaningless because you could override any ACL by
modifying the base policy. But let me think about this a bit more.
Perhaps there is something we can do in the 3.1 timeframe.


On Fri, Mar 26, 2010 at 12:19 PM, Peter Schart
<> wrote:
> I'll try to keep this as brief as possible as I'm fairly sure it has a simple answer.
Here's the situation:
> I've got a wiki that has some fairly strict permissions:
> 1. Nothing is viewable unless asserted or authenticated.
> 2. Nothing is editable unless user is a member of group "Editors".
> 3. Non-editors belong to 1 of 3 groups (call them A, B, and C)
> 4. Some pages are viewable by all 3 groups; others are only viewable to 1 of the 3 groups
(via ACLs, e.g.: [{ALLOW view A}].
> What I'd like to do (and what I think is impossible) is to allow members of the "Editors"
group to be able to view/edit anything (regardless of whatever ACL a page might have) but
not have AllPermissions (i.e.: they shouldn't be able to approve new users, delete pages,
> In my .policy, the Editors group has modify and rename for PagePermissions but I still
get the "You're not allowed to do that" message when trying to view any page with an "ALLOW
view [A|B|C]" ACL.
> I *think* that the only way to override page ACLs is to give the group AllPermission
in the .policy.  Is this correct? If so, is there anyway to achieve the "Editors can edit
anything but aren't admins" goal other than adding "Editors" to every view ACL?
> Thanks for your help.

View raw message