Wiki
 » 
JspWiki - User

GroupPermission

View: New views
2 Messages — Rating Filter:   Alert me  

GroupPermission

by ctrattner :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

Hi,

I have the following configuration:

grant principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {

     permission com.ecyrd.jspwiki.auth.permissions.GroupPermission  
"*:*", "view";
     permission com.ecyrd.jspwiki.auth.permissions.GroupPermission  
"*:<groupmember>", "edit";
     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",  
"createGroups";

};

The problem is, that I have a group called "Editor" in my wiki where  
group members are not allowed to edit this group, but should be able  
to edit any
other group they are member of.

To handle this situation, I tried to add the following Permission line  
to the grant block above:

permission com.ecyrd.jspwiki.auth.permissions.GroupPermission  
"*:Editor*", "view";

But as you may know, this kind of "code" snippet, didn't solve the problem.
So what can I do to get things work?!

If the solution for this problem needs some source code modifications,  
do not hesitate to post some code (I am using JSPWiki 2.8.1) :)

Best Regards,
Christoph


Re: GroupPermission

by Andrew Jaquith-4 :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

That won't work, because permissions are "unions" of one another,
rather than intersections.

What you are asking for, essentially, is a "negative" permission...
that is, grant all group members of all groups EXCEPT if it's called
"Editors" to edit the group. Or putting it differently, deny
permission to edit group membership when the group name is "Editors."

Negative permissions aren't possible in JSPWiki, nor are they planned.
The work-around would be to grant groupmember edit rights explicitly
only to those groups you want members to be able to edit. That's a
little more tedious, to be sure.

Sorry if this wasn't the answer you were looking for.

Andrew

On Wed, Sep 30, 2009 at 4:18 PM,  <ctrattner@...> wrote:

> Hi,
>
> I have the following configuration:
>
> grant principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {
>
>    permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:*",
> "view";
>    permission com.ecyrd.jspwiki.auth.permissions.GroupPermission
> "*:<groupmember>", "edit";
>    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
> "createGroups";
>
> };
>
> The problem is, that I have a group called "Editor" in my wiki where group
> members are not allowed to edit this group, but should be able to edit any
> other group they are member of.
>
> To handle this situation, I tried to add the following Permission line to
> the grant block above:
>
> permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:Editor*",
> "view";
>
> But as you may know, this kind of "code" snippet, didn't solve the problem.
> So what can I do to get things work?!
>
> If the solution for this problem needs some source code modifications, do
> not hesitate to post some code (I am using JSPWiki 2.8.1) :)
>
> Best Regards,
> Christoph
>
>
Free embeddable forum powered by Nabble Forum Help