You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jspwiki.apache.org by "Ulrich Gemkow (JIRA)" <ji...@apache.org> on 2008/06/07 12:07:44 UTC
[jira] Created: (JSPWIKI-281) Unexspected permission required for
editing page references
Unexspected permission required for editing page references
-----------------------------------------------------------
Key: JSPWIKI-281
URL: https://issues.apache.org/jira/browse/JSPWIKI-281
Project: JSPWiki
Issue Type: Bug
Components: Authentication&Authorization
Affects Versions: 2.6.3
Environment: Linux, tomcat 5.5
Reporter: Ulrich Gemkow
Priority: Minor
I tried to restrict authenticated users ability to create and modifiy pages to pages with names starting with selected letters (i.e. PO*).
I used the following settings in the policy file
permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:PO*", "modify,rename";
permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:IF*", "modify,rename";
permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:IO*", "modify,rename";
permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages";
However this did not work . Whenever a used wanted to add a reference to another page in a page he edited (typing "[a" for
example), he got the error poopup "No permission to access this AJAX method!". The message results from the
JSONRPCManager which tried to display related page names.
I had to add
permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "rename";
permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "rename";
permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "rename";
to the policy (trial and error, I did not really understood where the problem comes from) to make this message
disappear.
This behaviour is at least unexpected. I cannot judge whether it is a bug.
Thanks for listening and the great work!
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (JSPWIKI-281) Unexspected permission required for
editing page references
Posted by "Ulrich Gemkow (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JSPWIKI-281?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12603295#action_12603295 ]
Ulrich Gemkow commented on JSPWIKI-281:
---------------------------------------
When looking at my bug report I saw that the interface removed the stars in the policy lines which I included in the report. The lines were correct (i.e. "<star>:PO<star>" and <star>:<star>). Sorry about this.
> Unexspected permission required for editing page references
> -----------------------------------------------------------
>
> Key: JSPWIKI-281
> URL: https://issues.apache.org/jira/browse/JSPWIKI-281
> Project: JSPWiki
> Issue Type: Bug
> Components: Authentication&Authorization
> Affects Versions: 2.6.3
> Environment: Linux, tomcat 5.5
> Reporter: Ulrich Gemkow
> Priority: Minor
>
> I tried to restrict authenticated users ability to create and modifiy pages to pages with names starting with selected letters (i.e. PO*).
> I used the following settings in the policy file
> permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:PO*", "modify,rename";
> permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:IF*", "modify,rename";
> permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:IO*", "modify,rename";
> permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages";
> However this did not work . Whenever a used wanted to add a reference to another page in a page he edited (typing "[a" for
> example), he got the error poopup "No permission to access this AJAX method!". The message results from the
> JSONRPCManager which tried to display related page names.
> I had to add
> permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "rename";
> permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "rename";
> permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "rename";
> to the policy (trial and error, I did not really understood where the problem comes from) to make this message
> disappear.
> This behaviour is at least unexpected. I cannot judge whether it is a bug.
> Thanks for listening and the great work!
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.