jspwiki-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Janne Jalkanen <Janne.Jalka...@ecyrd.com>
Subject Re: ACL filter
Date Wed, 11 Jun 2008 21:41:20 GMT
> This is convenient but causes a problem: any member of staff can edit
> this ACL (say, by mistake) to break the access control policy.

That isn't necessarily a bad thing - wikis are based largely on trust.

> In the preSave method, if the current editor has the special role that
> allows him to handle ACL, the to-be-saved content is saved directly.
> Otherwise, any ACL in the to-be-saved content is ignored, and the
> current (official) ACLs are read from the current version of the page
> and appended to the to-be-saved content, before it is saved.

This should work.  It's probably easier to simply reject edits which  
are trying to mess your ACLs; then you don't have to parse/fix things  
too much.


View raw message