[jira] Commented: (JSPWIKI-266) Add ability to restrict account creation

Mon, 12 May 2008 07:31:27 -0700 

    [ 
https://issues.apache.org/jira/browse/JSPWIKI-266?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12596078#action_12596078
 ] 

Andrew Jaquith commented on JSPWIKI-266:
----------------------------------------

I support this effort, although I think we need to be clear about what we name 
this.

If we're talking about an administrator privilege, I think this should be a 
WikiPermission, and that it should be called something like "manageProfiles". 
The "s" is intentional; it indicates more than one profile, and in combination 
with "manage" denotes something that an ordinary user cannot do.

Aaron, if you want to take a whack at this, the two classes you'd need to 
modify would be WikiPermission and WikiPermissionTest. Both should be 
straightforward. Also, the Admin UI (and whatever you build) should also check 
for the possession of WikiPermission "manageProfiles" before allowing the add.

> Add ability to restrict account creation
> ----------------------------------------
>
>                 Key: JSPWIKI-266
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-266
>             Project: JSPWiki
>          Issue Type: New Feature
>          Components: Authentication&Authorization
>            Reporter: Aaron Hamid
>
> This is a formal feature request (because I could not find an existing issue) 
> for the "Admin Creates User Profiles" Idea here:
> http://www.jspwiki.org/wiki/IdeaAdminCreatesUserProfiles
> Once way to implement it would be, that a different permission, 
> "createProfile", be added, still configurable in the jspwiki.policy file. 
> This way the desired policy could be configured such that the admin group has 
> the "createProfile" permission, while the Authenticated have their 
> "editProfile" permission.
> Workarounds are presented here 
> http://www.jspwiki.org/wiki/AllowOnlyAdministratorCreateUserAccounts but have 
> drawbacks, including allowing arbitrary junk accounts or forcing security to 
> be configured external to the application.
> The proposal above, a new "createProfile" permission, seems like a 
> straightforward way to address this concern directly in the product expanding 
> its usefulness without weird workarounds.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to