Re: [fossil-users] diff of wiki-page
On 20 July 2016 at 11:50, Andy Bradfordwrote: > Thus said Warren Young on Fri, 15 Jul 2016 12:16:53 -0600: > >> https://www.fossil-scm.org/xfer/doc/trunk/www/embeddeddoc.wiki >> >> In order to view such content in the wiki, the viewing user needs >> checkout rights on the whole repository. If you can't give your >> viewer-only users that ability, you can't use embedded doc links. > > I once wrote a patch that would allow read-only access to certain pages > that did not require the ability to clone/checkout: > > http://marc.info/?l=fossil-users=144565838441517=2 > > Does this sound at all relevant? > > Here's the full thread: > > http://marc.info/?t=144565838700013=1=2 > Wow, that sounds very interesting! Hopefully this can be revived and it's implemented. > Thanks, > > Andy > -- > TAI64 timestamp: 4000578fc827 > > -- --- inum: 883510009027723 sip: jungleboo...@sip2sip.info ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] diff of wiki-page
Thus said Warren Young on Fri, 15 Jul 2016 12:16:53 -0600: > https://www.fossil-scm.org/xfer/doc/trunk/www/embeddeddoc.wiki > > In order to view such content in the wiki, the viewing user needs > checkout rights on the whole repository. If you can't give your > viewer-only users that ability, you can't use embedded doc links. I once wrote a patch that would allow read-only access to certain pages that did not require the ability to clone/checkout: http://marc.info/?l=fossil-users=144565838441517=2 Does this sound at all relevant? Here's the full thread: http://marc.info/?t=144565838700013=1=2 Thanks, Andy -- TAI64 timestamp: 4000578fc827 ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] diff of wiki-page
On Jul 17, 2016, at 11:29 AM, Richard Hippwrote: > > On 7/15/16, Warren Young wrote: >> >> In order to view [embedded documentation] content in the wiki, the viewing >> user >> needs checkout rights on the whole repository. > > In general, this is true. But there is one obscure exception. > > On the Setup/Access page there is a "Public Pages” setting As it happens, I know about the restriction because we have a use case here where the ability to see the occasional embedded doc reference via the wiki would be useful. We have a user that currently has cnouw perms, with the ‘o’ purely so they can see such wiki references. To test this feature, I created a new user with cnuw perms and set the Public Pages pref to “*.svg, *.md”, then restarted “fossil server” and tried viewing the wiki pages that refer to these SVG and Markdown files. No joy. The URLs look like this: /reponame/doc/trunk/doc/path/to/image.svg /reponame/doc/trunk/path/to/document.md If the wiki page references the target inline, as with the SVGs, you get the alt-text inline instead of the image. If the link is supposed to show you the other file as a separate page, as with the Markdown links, the Fossil server sends you to the Login/Logout page when you click the link, telling you the user doesn’t have sufficient privilege to access the URL. I then tried using absolute glob patterns, with * in place of the branch and other variable parts of the path, also with no luck. Then I started swinging the heavy hammer, setting the Public Pages pref to a single absolute glob pattern, each more specific than the last: /reponame/doc/trunk/doc/* /reponame/doc/trunk/doc/path/to/*.svg /reponame/exact/path/to/specific/file.svg Still no luck. I also tried dropping the /reponame prefix, also with no useful effect. This is with “fossil server” pointing to a directory full of fossils, so the /reponame part is required, at least in the wiki source. (We use Markdown wiki syntax here.) The last path above was actually copy-pasted from the Login/Logout page into the Public Pages box, to see if I could grant access to just that one image. Did this feature get broken somewhere along the line? > 'A comma-separated list of glob patterns for pages that are accessible > without needing a login and using the privileges given by the "Default > privileges" setting below. My “Default privileges” is set to ‘u’. ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] diff of wiki-page
On 7/15/16, Warren Youngwrote: > > In order to view [embedded documentation] content in the wiki, the viewing > user > needs checkout rights on the whole repository. In general, this is true. But there is one obscure exception. On the Setup/Access page there is a "Public Pages" setting, documented as follows: 'A comma-separated list of glob patterns for pages that are accessible without needing a login and using the privileges given by the "Default privileges" setting below. Example use case: Set this field to "/doc/trunk/www/*" to give anonymous users read-only permission to the latest version of the embedded documentation in the www/ folder without allowing them to see the rest of the source code.' -- D. Richard Hipp d...@sqlite.org ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] diff of wiki-page
On 15 July 2016 at 20:16, Warren Youngwrote: > On Jul 15, 2016, at 12:09 PM, Michai Ramakers wrote: >> >> 1) does there happen to be a "howto" anywhere describing quick setup >> w.r.t. security, perhaps from a wiki-only standpoint? > > I posted my philosophy on that here: > > > http://lists.fossil-scm.org:8080/pipermail/fossil-users/2016-January/023184.html Ok, thanks. As a matter of fact... I decided a couple of static Markdown-/HTML-pages would suffice, in this case. (I'll probably be the only contributer anyway.) Michai ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] diff of wiki-page
On Jul 15, 2016, at 12:09 PM, Michai Ramakerswrote: > > 1) does there happen to be a "howto" anywhere describing quick setup > w.r.t. security, perhaps from a wiki-only standpoint? I posted my philosophy on that here: http://lists.fossil-scm.org:8080/pipermail/fossil-users/2016-January/023184.html I isn’t wiki-only, but the permission changes do implicitly include use of the wiki by semi-privileged users. The main tricky bit is if you’re using the embedded documentation feature: https://www.fossil-scm.org/xfer/doc/trunk/www/embeddeddoc.wiki In order to view such content in the wiki, the viewing user needs checkout rights on the whole repository. If you can’t give your viewer-only users that ability, you can’t use embedded doc links. > 2) is there a way to view changes to the wiki (as diffs) through the > web-interface? Nope. The ability exists at the low-level, but no one has written a web UI for it yet. ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users