You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jspwiki.apache.org by "Ulrich Gemkow (JIRA)" <ji...@apache.org> on 2008/06/07 12:07:44 UTC

[jira] Created: (JSPWIKI-281) Unexspected permission required for editing page references

Unexspected permission required for editing page references
-----------------------------------------------------------

                 Key: JSPWIKI-281
                 URL: https://issues.apache.org/jira/browse/JSPWIKI-281
             Project: JSPWiki
          Issue Type: Bug
          Components: Authentication&Authorization
    Affects Versions: 2.6.3
         Environment: Linux, tomcat 5.5
            Reporter: Ulrich Gemkow
            Priority: Minor


I tried to restrict authenticated users ability to create and modifiy pages to pages with names starting with selected letters (i.e. PO*).
I used the following settings in the policy file

   permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:PO*", "modify,rename";
   permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:IF*", "modify,rename";
   permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:IO*", "modify,rename";
   permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages";

However this did not work . Whenever a used wanted to add a reference to another page in a page he edited (typing "[a" for
example), he got the error poopup "No permission to access this AJAX method!". The message results from the
JSONRPCManager which tried to display related page names.

I had to add

   permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "rename";
   permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "rename";
   permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "rename";

to the policy (trial and error, I did not really understood where the problem comes from) to make this message
disappear.

This behaviour is at least unexpected. I cannot judge whether it is a bug.

Thanks for listening and the great work!


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (JSPWIKI-281) Unexspected permission required for editing page references

Posted by "Ulrich Gemkow (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/JSPWIKI-281?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12603295#action_12603295 ] 

Ulrich Gemkow commented on JSPWIKI-281:
---------------------------------------

When looking at my bug report I saw that the interface removed the stars in the policy lines which I included in the report. The lines were correct (i.e. "<star>:PO<star>" and <star>:<star>). Sorry about this.

> Unexspected permission required for editing page references
> -----------------------------------------------------------
>
>                 Key: JSPWIKI-281
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-281
>             Project: JSPWiki
>          Issue Type: Bug
>          Components: Authentication&Authorization
>    Affects Versions: 2.6.3
>         Environment: Linux, tomcat 5.5
>            Reporter: Ulrich Gemkow
>            Priority: Minor
>
> I tried to restrict authenticated users ability to create and modifiy pages to pages with names starting with selected letters (i.e. PO*).
> I used the following settings in the policy file
>    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:PO*", "modify,rename";
>    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:IF*", "modify,rename";
>    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:IO*", "modify,rename";
>    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages";
> However this did not work . Whenever a used wanted to add a reference to another page in a page he edited (typing "[a" for
> example), he got the error poopup "No permission to access this AJAX method!". The message results from the
> JSONRPCManager which tried to display related page names.
> I had to add
>    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "rename";
>    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "rename";
>    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "rename";
> to the policy (trial and error, I did not really understood where the problem comes from) to make this message
> disappear.
> This behaviour is at least unexpected. I cannot judge whether it is a bug.
> Thanks for listening and the great work!

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.