From: Janne Jalkanen
Subject: Re: ACL filter
Date: Thu, 12 Jun 2008 00:41:20 +0300
To: jspwiki-user@incubator.apache.org

> This is convenient but causes a problem: any member of staff can edit
> this ACL (say, by mistake) to break the access control policy.

That isn't necessarily a bad thing - wikis are based largely on trust.

> In the preSave method, if the current editor has the special role that
> allows him to handle ACL, the to-be-saved content is saved directly.
> Otherwise, any ACL in the to-be-saved content is ignored, and the
> current (official) ACLs are read from the current version of the page
> and appended to the to-be-saved content, before it is saved.

This should work. It's probably easier to simply reject edits which are
trying to mess your ACLs; then you don't have to parse/fix things too much.

/Janne
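
The reject-on-change check suggested in the reply above, as an added example that is not part of the original message or of JSPWiki's code. It is plain Java with no JSPWiki dependency: the class and method names (`AclGuard`, `extractAcls`, `checkEdit`) and the `mayEditAcl` flag are hypothetical, the role lookup and the call from `preSave` are assumed to happen in the surrounding filter, and the `[{ALLOW ...}]` form is JSPWiki's inline page-ACL markup, which the message does not show.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added example: reject an edit that changes the page ACL unless the editor may do so. */
public class AclGuard {
    // Inline page ACLs look like [{ALLOW <permission> <principal>[,<principal>...]}].
    // Assumption: the keyword is matched in upper case only.
    private static final Pattern ACL =
        Pattern.compile("\\[\\{\\s*ALLOW\\s+([^}]*?)\\s*\\}\\]");

    /** Returns the ACL directives found in the text, whitespace-normalised and sorted. */
    static List<String> extractAcls(String text) {
        List<String> acls = new ArrayList<String>();
        Matcher m = ACL.matcher(text == null ? "" : text);
        while (m.find()) {
            acls.add(m.group(1).replaceAll("\\s*,\\s*", ",").replaceAll("\\s+", " "));
        }
        Collections.sort(acls); // directive order on the page does not change the policy
        return acls;
    }

    /**
     * Intended to be called from the filter's preSave with the stored page text and
     * the text about to be saved. mayEditAcl is the outcome of the role check
     * (hypothetical parameter; the lookup itself is not shown).
     */
    static void checkEdit(String current, String proposed, boolean mayEditAcl) {
        if (mayEditAcl) {
            return; // privileged editors may change ACLs freely
        }
        if (!extractAcls(current).equals(extractAcls(proposed))) {
            throw new IllegalStateException("Edit rejected: page ACL was changed");
        }
    }

    public static void main(String[] args) {
        // Constructed sample page texts.
        String stored  = "[{ALLOW view Staff}]\n[{ALLOW edit Staff}]\nMeeting notes.";
        String sameAcl = "[{ALLOW edit Staff}]\n[{ALLOW  view Staff}]\nMeeting notes, v2.";
        String widened = "[{ALLOW view All}]\nMeeting notes.";
        checkEdit(stored, sameAcl, false); // body edit, ACL set unchanged
        checkEdit(stored, widened, true);  // ACL change by an editor holding the role
        try {
            checkEdit(stored, widened, false); // ACL change by ordinary staff
        } catch (IllegalStateException e) {
            System.out.println(e.getMessage());
        }
    }
}
```

Comparing the normalised set of directives, rather than the raw text, keeps reordering or respacing the ACL lines from being treated as a policy change, while a dropped, added or altered directive is refused.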