On Mar 10, 2008, at 7:44 AM, Thomas Waldmann wrote: > ... If you want to change ACLs, you need admin rights.
Yes, and I think that should remain true. I considered schemes where the new ACL was passed in from the macro, but they were always insecure in some way. I didn't want that; I want a scheme that is completely controllable from the template (the editors of which would need admin rights on the template to change the ACLs, of course). > Moin (and most wikis) don't have a concept of "page ownership" > because it is often hard to define who should be that owner. Ah, true; in this case, I meant the @ME@ who instantiated the template; the creator. > If there are some specific conditions when a user should have admin > rights, it can be done by a security policy. Maybe look at the > autoadmin secpol (see MoinMoin/security/autoadmin.py). Hmmm... I'd seen this in the docs (although I didn't know the name), but what I want is for there to be specific privileges on _one_ page below a master page: read/write by the creator, read by a special group, not accessible to the public. (The last is the killer; if you use @ME@ for the creator, he doesn't have read permission on the template when trying to instantiate it.) I'll have to look at how the security policies are done; maybe it's an alternative to the scheme I suggested in my last message. > Maybe a future moin template system should not load the template > into the editor, but instantiate a page with a copy of that > template as first revision (and thus, creating the ACL internally, > without the user needing to be able to do that). Of course this is > only half a solution for your special case. It would be sufficient to solve my special case, but it seems like a lot more of an upheaval than the scheme I suggested. I'll look at doing this, as well. I appreciate your comments; there are two alternatives here that I hadn't thought of. It will give me something to work with. Tks, -- Greg Noel, retired UNIX guru ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Moin-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/moin-user
