Unexspected permission required for editing page references
-----------------------------------------------------------
Key: JSPWIKI-281
URL: https://issues.apache.org/jira/browse/JSPWIKI-281
Project: JSPWiki
Issue Type: Bug
Components: Authentication&Authorization
Affects Versions: 2.6.3
Environment: Linux, tomcat 5.5
Reporter: Ulrich Gemkow
Priority: Minor
I tried to restrict authenticated users ability to create and modifiy pages to
pages with names starting with selected letters (i.e. PO*).
I used the following settings in the policy file
permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:PO*",
"modify,rename";
permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:IF*",
"modify,rename";
permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:IO*",
"modify,rename";
permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*",
"createPages";
However this did not work . Whenever a used wanted to add a reference to
another page in a page he edited (typing "[a" for
example), he got the error poopup "No permission to access this AJAX method!".
The message results from the
JSONRPCManager which tried to display related page names.
I had to add
permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "rename";
permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "rename";
permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "rename";
to the policy (trial and error, I did not really understood where the problem
comes from) to make this message
disappear.
This behaviour is at least unexpected. I cannot judge whether it is a bug.
Thanks for listening and the great work!
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
