Dear John,

 

I just got back from a long holiday :-) and I'll try the below out soon.
Thanks again for such a lengthy response :-)

 

Regards,

Wilson

 

  _____  

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John
Davidson
Sent: Sunday, February 03, 2008 11:53 PM
To: FlexWiki Users Mailing List
Subject: Re: [Flexwiki-users] Allow/Deny Editing Topics

 

No, you are not bothering me. This is a complex topic and you are probably
asking questions that will form a FAQ or be used to add to existing
documentation.

1.   First the correct form for working with a principal in Windows is:

AllowEdit: user:DOMAINNAME\Wilson.CHC

It should be in the form that you see in the upper right-hand border
following the word 'Welcome'. If you are using other than Windows
authentication, then the form is

AllowEdit: user:Wilson.CHC

While individual users actually work OK, I prefer to use groups as they
use the same terminology for all authentication methods

AllowEdit: role:WikiManagers

2.   In the web.config where you specify

   <deny users="?" />

this sets it so that only authenticated users are allowed _any_ access to
the wiki, i.e. anonymous users are not allowed to read.

3.   There are a number of things to do that can help a testing environment
and allow you to experiment with various settings. 

        a.  First I recommend commenting out the web.config
               <deny users="?" />
            and adding
               <allow users="*" />
            which will enable anonymous access, but give certain feedback
            when logging in to the wiki and validate that the authentication
            portion is working.

4.  I would create a group called WikiManagers in the domain and add the
Administrators group to that WikiManagers group. Then I would change the 

          AllowEdit: user:DOMAINNAME\Wilson.CHC, role:WikiManagers
    
     as this will allow you to edit a topic without going into a text editor
and revising the .wiki and last .awiki files to new content.

5.  Next I would not set the DenyEdit in early tests, but only use the
AllowEdit. Once the AllowEdit is working for the topic then add the DenyEdit
statement. The reason for this is that the Windows permissions on the
filestore may not be set up correctly to allow editing, and not having the
DenyEdit will simplify matters.

Have Fun, and let me know if you need more assistance

John Davidson

On Feb 3, 2008 4:47 AM, Wilson Chuah <[EMAIL PROTECTED]> wrote:

Dear all,

 

I forgot to mention that I tried with and without the principal on two
separate topics (see below):

 

DenyEdit: all

AllowEdit: user:domainname\Wilson.CHC, user:Wilson.CHC 

 

And

 

DenyEdit: all

AllowEdit: domainname\Wilson.CHC, Wilson.CHC 

 

Regards,

Wilson

 

  _____  

From: Wilson Chuah [mailto:[EMAIL PROTECTED] 
Sent: Sunday, February 03, 2008 5:41 PM
To: 'FlexWiki Users Mailing List'
Subject: RE: [Flexwiki-users] Allow/Deny Editing Topics

 

Dear John,

 

Ok, I tried out the following:

 

webconfig authorization set as:

 

    <authentication mode="Windows" />
    <authorization>
      <deny users="?" />
    </authorization>

 

My namespace definition is set as:

 

AllowRead: authenticated, anonymous

AllowManageNamespace: authenticated

 

My topic definition is set as:

 

DenyEdit: all

AllowEdit: domainname\Wilson.CHC, Wilson.CHC 

 

And I was not given the permission to edit the page. Is it because of the
windows authentication? Would a forms authentication work better? Thanks in
advance for all the time taken to answer my questions, I hope I'm not being
a bother :-)

 

Regards,

Wilson 

 

P.S. I put both versions of my domain login (with and without domain) because
I didn't know which to follow :-)

  _____  

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John
Davidson
Sent: Sunday, February 03, 2008 12:06 PM


To: FlexWiki Users Mailing List
Subject: Re: [Flexwiki-users] Allow/Deny Editing Topics

 

No. The section Evaluation Model in the reference [1] explains it best. It
would have been possible to reverse the statements so that it was

DenyEdit: all
AllowEdit: Wilson

would also work. The key is it evaluates the rules in order and looks to see
if, after evaluating all rules, the user has the right. If your last rule is
a DenyEdit:all then no user will ever have edit rights.

John Davidson

[1] http://www.flexwiki.com/default.aspx/FlexWiki/FlexWikiAuthorization.html

On Feb 2, 2008 9:11 PM, Wilson Chuah <[EMAIL PROTECTED]> wrote:

Dear John,

 

Thanks for the speedy reply. So Deny always takes precedence over Allow
right? Ok, I know how to proceed now. Thanks again

 

Regards,

Wilson 

  _____  

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John
Davidson
Sent: Saturday, February 02, 2008 10:18 PM
To: FlexWiki Users Mailing List
Subject: Re: [Flexwiki-users] Allow/Deny Editing Topics

 

It would not quite work the way you want it to.

The DenyEdit: all would override the AllowEdit:Wilson.

What I believe you should do is

AllowRead: all
AllowEdit: Wilson

It is also good in a testing system to ensure that your admin has a
ManageNamespace permission, as that will allow corrections to be made when
setting permissions in topics.

Another option would be to use topic locking and allow Wilson to Lock/Unlock
topics.

John Davidson

On Feb 2, 2008 3:12 AM, Wilson Chuah <[EMAIL PROTECTED]> wrote:

Hi All,

 

I've been reading
http://www.flexwiki.com/default.aspx/FlexWiki/FlexWikiAuthorization.html and
before I start configuring, can I ask if DenyEdit takes precedence over
AllowEdit? Example:

 

AllowEdit: Wilson

DenyEdit: all

 

Would the above authorization allow Wilson to configure the topics while
denying everyone?

 

Regards,

Wilson Chuah

 

 


-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Flexwiki-users mailing list
Flexwiki-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/flexwiki-users
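
The ordering behaviour John describes in this thread (rules are read top to bottom and the last rule that matches the user decides), sketched as an added Python example. This is not FlexWiki's code: the `User` class, the deny result when no rule matches, exact-string name matching and ignoring unprefixed names are assumptions made for illustration.

```python
# Added illustration of "last matching rule wins"; not FlexWiki's implementation.
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class User:                      # hypothetical stand-in for the logged-in principal
    name: Optional[str]          # None means anonymous
    roles: set = field(default_factory=set)

def parse_rules(text):
    """Turn 'AllowEdit: a, b' lines into (effect, permission, principals)."""
    rules = []
    for line in text.strip().splitlines():
        head, _, tail = line.strip().partition(":")
        for effect in ("Allow", "Deny"):
            if head.startswith(effect):
                names = [p.strip() for p in tail.split(",") if p.strip()]
                rules.append((effect, head[len(effect):], names))
    return rules

def matches(principal, user):
    if principal == "all":
        return True
    if principal == "authenticated":
        return user.name is not None
    if principal == "anonymous":
        return user.name is None
    kind, _, value = principal.partition(":")
    if kind == "user":
        return user.name == value        # assumption: exact string match
    if kind == "role":
        return value in user.roles
    return False                         # assumption: unprefixed names match nobody

def can(user, permission, text, default=False):
    """Walk the rules in order; the last rule matching the user decides."""
    decision = default                   # assumption: no matching rule means deny
    for effect, perm, principals in parse_rules(text):
        if perm == permission and any(matches(p, user) for p in principals):
            decision = effect == "Allow"
    return decision

# Constructed sample topics using the rule forms quoted in the thread.
ALLOW_THEN_DENY = r"""
AllowEdit: user:DOMAINNAME\Wilson.CHC
DenyEdit: all
"""
DENY_THEN_ALLOW = r"""
DenyEdit: all
AllowEdit: user:DOMAINNAME\Wilson.CHC, role:WikiManagers
"""
wilson = User(r"DOMAINNAME\Wilson.CHC")
manager = User(r"DOMAINNAME\Admin", {"WikiManagers"})   # constructed account name
anonymous = User(None)
```

With these samples, `can(wilson, "Edit", ALLOW_THEN_DENY)` is denied because the trailing `DenyEdit: all` matches last, while the reversed order grants edit to Wilson and to members of `WikiManagers` only.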