Yeah, I think your first step needs to be to add this line [1]. Without
digging into it further (sorry - been meaning to do this, but haven't had
time for anything FlexWiki in the last week or so), I'm guessing what's
happening is once you put in the DenyEdit for authenticated users, the call
to add AllowEdit fails because you don't have permission to Edit any more
(an administrator is an authenticated user). Granting ManageNamespace first
to Administrator should take care of the problem.
Note that although AllowEdit allows editing on *almost* every page,
AllowManageNamespace is needed in order to edit _ContentBaseDefinition.
That's because _ContentBaseDefinition contains security policy for the
namespace, so elevated privilege is required to mess with it. Also note that
there's no need to deny ManageNamespace if you've already denied Edit:
there's a hierarchy of rules. Reading "=>" as "implies", these are the
rules:
AllowManageNamespace => AllowEdit => AllowRead
DenyRead => DenyEdit => DenyManageNamespace
Another option would be to put an allow for ManageNamespace into the
flexwiki.config file for the Administrator role (I'm assuming that only
Administrators will be running the page in /admin). That will set up the
default policy for the wiki. In fact, perhaps that's all you need to do:
maybe there's no need to mess around with the namespace settings at all. If
you lock down ManageNamespace in the flexwiki.config file, no one but the
users you specify will be able to edit _ContentBaseDefinition, and you won't
have to change anything in new namespaces.
[1]
manager.SetTopicPropertyValue(manager.DefinitionTopicName.LocalName,
"AllowManageNamespace", "role:Administrator", false, "FlexWiki");
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Helen
Ersando
Sent: Sunday, September 23, 2007 11:12 PM
To: FlexWiki Users Mailing List
Subject: Re: [Flexwiki-users] Admin Page Feature Request
hi,
how would i be able to include the base security information? is this the
same with setting the topic property value [1] ?
again with this, if i set a default value [2] upon namespace creation, it
can not create the namespace at all... here's what it does: it created the
new namespace in the dbo.Namespace table (created the namespace folder if
filesystem); then it created the _ContentBaseDefinitionTopic but will stop
on "DenyEdit: authenticated" or "DenyEdit: anonymous" ... the rest of the
content will not be written; and it will not proceed to writing on the
flexwiki.config file...
[1]
manager.SetTopicPropertyValue(manager.DefinitionTopicName.LocalName,
"Contact", Contact, false, "FlexWiki");
[2]
manager.SetTopicPropertyValue(manager.DefinitionTopicName.LocalName ,
"DenyEdit", "authenticated", false, "FlexWiki");
manager.SetTopicPropertyValue(manager.DefinitionTopicName.LocalName,
"AllowEdit", "role:Administrator", false, "FlexWiki");
hope to hear any repsonse...
thanks,
helen
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Flexwiki-users mailing list
Flexwiki-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/flexwiki-users
