Still the same.

I have set log4j level to debug. After I disable the "edit"
PagePermission, when I try to create a new page, I can see in the log
a line saying that

User has no access - forbidden
(permission=("com.ecyrd.jspwiki.auth.permissions.PagePermission",
"wikiname:NewPage", "edit"))

When does jspwiki test the "edit" PagePermission instead of the
"createPages" WikiPermission?

If I enable the "edit" PagePermission, interestingly, no information is
given in the log about the "edit" permission or the "createPages"
permission.

Cheers,

Weijian


2010/1/14 Andrew Jaquith <[email protected]>:
> Weijian --
>
> Your understanding is correct: users who have the "edit"
> PagePermission, but not the "createPages" WikiPermission, should not
> be allowed to create new pages.
>
> The "edit" PagePermission should not imply the "createPages"
> WikiPermission. The Java code for the two classes doesn't show that
> there is any relationship between the two. If that is actually
> happening, then it is a bug.
>
> Could you verify this behavior with a completely stripped down
> security policy? (i.e., remove all commented out permissions, etc)?
>
> Andrew
>
> On Thu, Jan 14, 2010 at 10:34 AM, Weijian Fang <[email protected]> wrote:
>> Hi,
>>
>> In my jspwiki 2.6.2 installation, if I give the "edit" PagePermission
>> to somebody, e.g. Authenticated users, but not the "createPages"
>> WikiPermission, my understanding is the users should be able to edit
>> existing pages but not create new pages.
>>
>> grant
>>  principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {
>>    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "view";
>>    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "edit";
>>    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "upload";
>> //    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages";
>> };
>>
>> However, my authenticated users also get the permission to create
>> pages. In my experiments, the "upload" PagePermission does not imply
>> "createPages", but "edit" does.
>>
>> Has anyone seen this before? What did I do wrong? Many thanks.
>>
>> Weijian
>>
>
