I just noticed that I was missing a semi-colon after the first block. I
think that was my problem.
Thanks for your help Andrew.
Tim Koop
Tim Koop wrote:
So if I went with your second suggestion, the file might contain these
blocks?
grant signedBy "jspwiki",
principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {
permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
"login";
permission com.ecyrd.jspwiki.auth.permissions.PagePermission
"*:Public*", "view";
}
grant signedBy "jspwiki",
principal com.ecyrd.jspwiki.auth.GroupPrincipal "EDITORS" {
permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*",
"view";
permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*",
"edit,rename";
permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
"createPages";
};
I think I'm not doing something right, because when I logged in as a
user who is an EDITOR, I can't view the sandbox and I get this in the
log:
User editor1 has no access - forbidden
(permission=("com.ecyrd.jspwiki.auth.permissions.PagePermission","wiki:SandBox","view"))
Tim Koop
Andrew Jaquith wrote:
That was my point. You can't.
You have two options:
- Use the Role "All" to apply just view permissions to everybody,
regardless of authentication status, and use Role "Authenticated" to
give logged-in users edit rights (this was what I recommended in my
previous reply)
OR
- Create a separate group (e.g., "Editors") who have edit rights, and
give everyone with Role "Authenticated" view rights
Andrew
On Jul 6, 2007, at 4:05 PM, Tim Koop wrote:
Thanks Andrew.
But how do I keep these people who log in with a username and
password that is in the Public group to not be able to edit pages,
since they are Authenticated just like everyone else?
Tim Koop
Andrew Jaquith wrote:
Tim,
You are half-right. Group permissions do not apply unless a person
is authenticated. So, both permission blocks would apply because a
user for who is considered to be part of "PUBLIC" is, by
definition, also authenticated.
Consider using Role "All" instead of GroupPrincipal "Public". The
"All" role applies to all users, regardless of whether they are
authenticated. You could also simply add a privilege block for Role
"Asserted" or Role "Anonymous" if you wanted to be more granular.
Andrew
Thus,
On Jul 6, 2007, at 3:33 PM, Tim Koop wrote:
I want to add a group called PUBLIC that can only view certain
pages, not edit or anything else like the other normal people do.
So I added this to jspwiki.policy:
grant signedBy "jspwiki",
principal com.ecyrd.jspwiki.auth.GroupPrincipal "PUBLIC" {
permission com.ecyrd.jspwiki.auth.permissions.PagePermission
"*:Public*", "view";
};
But I still have that section that will still let PUBLIC users do
everything else, since they are still Authenticated:
grant signedBy "jspwiki",
principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {
permission com.ecyrd.jspwiki.auth.permissions.PagePermission
"*:*", "edit,rename";
permission com.ecyrd.jspwiki.auth.permissions.GroupPermission
"*:*", "view";
permission com.ecyrd.jspwiki.auth.permissions.WikiPermission
"*", "createPages";
permission com.ecyrd.jspwiki.auth.permissions.WikiPermission
"*", "login";
};
I think I need to remove these permissions for the PUBLIC group,
or somehow not give them these permissions in the first place.
Any ideas?
Thanks.
--
Tim Koop
_______________________________________________
This is the Jspwiki-users mailing list, in which we discuss the
stable release (even-numbered, 2.4.x, 2.6.x), and user-issues. For
development discussion, please join jspwiki-dev.
http://ecyrd.com/cgi-bin/mailman/listinfo/jspwiki-users
http://www.jspwiki.org/JSPWikiMailingList
_______________________________________________
This is the Jspwiki-users mailing list, in which we discuss
thestable release (even-numbered, 2.4.x, 2.6.x), and
user-issues.For development discussion, please join jspwiki-dev.
http://ecyrd.com/cgi-bin/mailman/listinfo/jspwiki-users
http://www.jspwiki.org/JSPWikiMailingList
_______________________________________________
This is the Jspwiki-users mailing list, in which we discuss the
stable release (even-numbered, 2.4.x, 2.6.x), and user-issues. For
development discussion, please join jspwiki-dev.
http://ecyrd.com/cgi-bin/mailman/listinfo/jspwiki-users
http://www.jspwiki.org/JSPWikiMailingList
_______________________________________________
This is the Jspwiki-users mailing list, in which we discuss thestable
release (even-numbered, 2.4.x, 2.6.x), and user-issues.For
development discussion, please join jspwiki-dev.
http://ecyrd.com/cgi-bin/mailman/listinfo/jspwiki-users
http://www.jspwiki.org/JSPWikiMailingList
_______________________________________________
This is the Jspwiki-users mailing list, in which we discuss the stable
release (even-numbered, 2.4.x, 2.6.x), and user-issues. For
development discussion, please join jspwiki-dev.
http://ecyrd.com/cgi-bin/mailman/listinfo/jspwiki-users
http://www.jspwiki.org/JSPWikiMailingList
_______________________________________________
This is the Jspwiki-users mailing list, in which we discuss the
stable release (even-numbered, 2.4.x, 2.6.x), and user-issues.
For development discussion, please join jspwiki-dev.
http://ecyrd.com/cgi-bin/mailman/listinfo/jspwiki-users
http://www.jspwiki.org/JSPWikiMailingList
