You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jspwiki.apache.org by "Harry Metske (JIRA)" <ji...@apache.org> on 2011/09/18 17:26:09 UTC
[jira] [Closed] (JSPWIKI-702) Auth: Users only with modify
permission may create pages
[ https://issues.apache.org/jira/browse/JSPWIKI-702?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Harry Metske closed JSPWIKI-702.
--------------------------------
Resolution: Duplicate
> Auth: Users only with modify permission may create pages
> --------------------------------------------------------
>
> Key: JSPWIKI-702
> URL: https://issues.apache.org/jira/browse/JSPWIKI-702
> Project: JSPWiki
> Issue Type: Bug
> Components: Authentication&Authorization
> Affects Versions: 2.8.3, 2.8.4
> Reporter: Florian Holeczek
> Priority: Critical
>
> {quote}
> grant principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" {
> permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify";
> // permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages";
> };
> {quote}
> With these settings, Anonymous may create pages!
> {quote}
> grant principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" {
> // permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify";
> // permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages";
> };
> {quote}
> Works as it should: Anonymous may neither create nor modify pages.
> {quote}
> grant principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" {
> // permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify";
> permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages";
> };
> {quote}
> Well, since there isn't any possibility of creating a page without editing it AFAIK, this setting also seems to work as it should: Seems to be the same like the second case.
> The changes listed above are the only changes I did to the file I checked out from the svn repository.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira