26 Aug
2005
26 Aug
'05
11:12 a.m.
Hello,
I have a question for SmallWiki 1 (since it is for my "production"
wiki)...
I would like to protect part of my SmallWiki site (my "intranet")
such that people have to login to even view that part. The rest of
the site (the public part) still needs to be visible to anonymous
(but editable by admin).
Is there a way to support this scenario ? From what I understood this
is currently not possible (e.g. Roles are global). Am I correct ?
Anybody made extensions to allow for this kind of scenario ?
--
Roel Wuyts
26 Aug
26 Aug
11:54 a.m.
Am 26.08.2005 um 11:12 schrieb Roel Wuyts:
Hello,
I have a question for SmallWiki 1 (since it is for my "production"
wiki)...
I would like to protect part of my SmallWiki site (my "intranet")
such that people have to login to even view that part. The rest of
the site (the public part) still needs to be visible to anonymous
(but editable by admin).
Is there a way to support this scenario ? From what I understood
this is currently not possible (e.g. Roles are global). Am I
correct ? Anybody made extensions to allow for this kind of scenario ?
It's possible in the current implementation without extension. The
key is to give permissions only to the structures, not to the users.
When a user tries to access a structure, the permissions are taken
from the structure. I think the following should work for you:
- anonymous user:
-- role 'anon' (no permissions)
- registered user
-- role 'editor' (no permissions)
- root folder '/'
-- role 'anon' (allow read)
-- role 'editor (allow read and write)
- folder '/private/'
-- role 'anon' (no permissions)
I'm not 100% sure if you can indeed "take away" permissions in the
subfolder, you need to try that.
We employ an even finer-grained scheme with write access for
different users in different folders. For that, we give each folder a
separate role with write permissions (the role is named after the
folder). When a user should be allowed to write in that folder, it is
assigned a role with the folder name (but again without permissions).
- Bert -
29 Aug
29 Aug
1:32 p.m.
I see.
I'll play with this and see what it gives.
Thanks!
On 26 Aug 2005, at 11:54, Bert Freudenberg wrote:
Am 26.08.2005 um 11:12 schrieb Roel Wuyts:
Hello,
I have a question for SmallWiki 1 (since it is for my "production"
wiki)...
I would like to protect part of my SmallWiki site (my "intranet")
such that people have to login to even view that part. The rest of
the site (the public part) still needs to be visible to anonymous
(but editable by admin).
Is there a way to support this scenario ? From what I understood
this is currently not possible (e.g. Roles are global). Am I
correct ? Anybody made extensions to allow for this kind of
scenario ?
It's possible in the current implementation without extension. The
key is to give permissions only to the structures, not to the
users. When a user tries to access a structure, the permissions are
taken from the structure. I think the following should work for you:
- anonymous user:
-- role 'anon' (no permissions)
- registered user
-- role 'editor' (no permissions)
- root folder '/'
-- role 'anon' (allow read)
-- role 'editor (allow read and write)
- folder '/private/'
-- role 'anon' (no permissions)
I'm not 100% sure if you can indeed "take away" permissions in the
subfolder, you need to try that.
We employ an even finer-grained scheme with write access for
different users in different folders. For that, we give each folder
a separate role with write permissions (the role is named after the
folder). When a user should be allowed to write in that folder, it
is assigned a role with the folder name (but again without
permissions).
- Bert -
5:15 p.m.
After talking with a colleague it appears that you can indeed not
"take away" permissions in a subfolder, all permissions are inherited.
You could still use the scheme I outlined below by having the root
folder '/' restricted and have a '/public' folder with more
permissions for the 'anon' role.
- Bert -
Am 29.08.2005 um 13:32 schrieb Roel Wuyts:
I see.
I'll play with this and see what it gives.
Thanks!
On 26 Aug 2005, at 11:54, Bert Freudenberg wrote:
Am 26.08.2005 um 11:12 schrieb Roel Wuyts:
Hello,
I have a question for SmallWiki 1 (since it is for my
"production" wiki)...
I would like to protect part of my SmallWiki site (my "intranet")
such that people have to login to even view that part. The rest
of the site (the public part) still needs to be visible to
anonymous (but editable by admin).
Is there a way to support this scenario ? From what I understood
this is currently not possible (e.g. Roles are global). Am I
correct ? Anybody made extensions to allow for this kind of
scenario ?
It's possible in the current implementation without extension. The
key is to give permissions only to the structures, not to the
users. When a user tries to access a structure, the permissions
are taken from the structure. I think the following should work
for you:
- anonymous user:
-- role 'anon' (no permissions)
- registered user
-- role 'editor' (no permissions)
- root folder '/'
-- role 'anon' (allow read)
-- role 'editor (allow read and write)
- folder '/private/'
-- role 'anon' (no permissions)
I'm not 100% sure if you can indeed "take away" permissions in the
subfolder, you need to try that.
We employ an even finer-grained scheme with write access for
different users in different folders. For that, we give each
folder a separate role with write permissions (the role is named
after the folder). When a user should be allowed to write in that
folder, it is assigned a role with the folder name (but again
without permissions).
- Bert -
4:59 p.m.
Bert, Roel -
After talking with a colleague it appears that you can
indeed not
"take away" permissions in a subfolder, all permissions are inherited.
Actually - you can. My smallwiki 1 (Squeak) does just that: its root
folder is viewable by all, and one of its subfolder is private. I
don't have direct access to its image right now, but as I remember the
key is to re-specify (override) a role's permissions on the subfolder.
Michal
6:10 p.m.
After talking
with a colleague it appears that you can indeed not
"take away" permissions in a subfolder, all permissions are
inherited.
Actually - you can. My smallwiki 1 (Squeak) does just that: its root
folder is viewable by all, and one of its subfolder is private. I
don't have direct access to its image right now, but as I remember the
key is to re-specify (override) a role's permissions on the subfolder.
11:54 p.m.
Am 29.08.2005 um 18:10 schrieb Lukas Renggli:
Indeed, in every structure you are able to redefine (override) the
roles: Just add a new role with the same name but different
permissions to your structure and from there on in the tree those
permissions will be used.
As an example have a look at the following tree where the anonymous-
role is initially defined in the root but redefined (overridden) in
two of its sub folders:
Root-Folder (anonymous: #( view edit ))
Read/Write-Subwiki
Readonly-Subwiki (anonymous: #( view )
Private-Subwiki (anonymous: #( ))
Good to hear :-) This is what I had in memory, but I wasn't sure.
Maybe by loading the advanced permission admin tool (not sure what
it's called) this is changed?
- Bert -
After talking with a colleague it appears that you can
indeed not
"take away" permissions in a subfolder, all permissions are
inherited.
Actually - you can. My smallwiki 1 (Squeak) does just that: its root
folder is viewable by all, and one of its subfolder is private. I
don't have direct access to its image right now, but as I remember
the
key is to re-specify (override) a role's permissions on the
subfolder.
31 Aug
31 Aug
7:59 a.m.
Never wanted to load the advanced permission admin tool since I heard
it was quite unstable (being a student project from a couple of years
ago). I would assume it would be possible there by default :-)
On 29 Aug 2005, at 23:54, Bert Freudenberg wrote:
Am 29.08.2005 um 18:10 schrieb Lukas Renggli:
Indeed, in every structure you are able to redefine (override) the
roles: Just add a new role with the same name but different
permissions to your structure and from there on in the tree those
permissions will be used.
As an example have a look at the following tree where the
anonymous-role is initially defined in the root but redefined
(overridden) in two of its sub folders:
Root-Folder (anonymous: #( view edit ))
Read/Write-Subwiki
Readonly-Subwiki (anonymous: #( view )
Private-Subwiki (anonymous: #( ))
Good to hear :-) This is what I had in memory, but I wasn't sure.
Maybe by loading the advanced permission admin tool (not sure what
it's called) this is changed?
- Bert -
After talking with a colleague it appears that you can
indeed not
"take away" permissions in a subfolder, all permissions are
inherited.
Actually - you can. My smallwiki 1 (Squeak) does just that: its root
folder is viewable by all, and one of its subfolder is private. I
don't have direct access to its image right now, but as I
remember the
key is to re-specify (override) a role's permissions on the
subfolder.
29 Aug
29 Aug
10:59 p.m.
I just wanted to let you guys know, that I use quotes from this thread
at the wiki of the experimental access control mechanism for SmallWiki
2 :D
Please don't be offended, it just proves to me, that we're on the right track.
Philippe
6814
days inactive
6819
days old
8 comments
6 participants
participants (6)
-
Bert Freudenberg -
Lukas Renggli -
Michal -
Philippe Marschall -
Roel Wuyts -
Roel Wuyts