Thanks for the responses, This is great information. I admit the my dream has no base in known functionality as i have not had a chance to dive in yet. I will probably go with the low level io route and just not load content based on authorization. This is assuming Tiddlywiki does not cache everything locally and serve up from static tiddlers.
On Wednesday, October 8, 2014 10:02:26 AM UTC-5, Eric Shulman wrote: > > On Tuesday, October 7, 2014 8:07:08 PM UTC-7, Nathan Gleaves wrote: >> >> What i have in mind would use tags to indicate which tiddlers a user does >> not have access to. For example <DungeonMaster> tag one a tiddler (or >> potentially a Transclusion tiddler) to only include the information if the >> user requesting the wiki is authorized at the DM level. Players would >> basically see everything not tagged with DM. Of course, that's just a >> simple example, The addition i would try and build would be much more >> extensible. >> > > If you are using a single-file, standalone configuration of TiddlyWiki, > then all the content, regardless of the auth level, will be present in the > file. Even if you prevent it from being viewed from within the loaded > TiddlyWiki itself, people can always open the underlying HTML source file > using a text editor... or even just use the browser's "view page source" > command. Thus, there's no way, short of encrypting the content itself, to > completely block access to content based on auth level. Of course, if > truly secure content is not that important, you could implement techniques > to simply suppress the *display* of content based on auth levels, with the > understanding that it is easy to bypass this by directly viewing the file > content. I did something like this for TiddlyWiki Classic (see > http://tiddlytools.com/#TiddlerPasswordPlugin) > > However... there may still be a way to secure content based on auth levels: > > If you are using node.js to serve your document from a folder of > individual .tid files, you might be able to extend the low level tiddler > I/O code so that you can control how tiddlers are served from the host, > based on current auth level. You could, for example, deliver full tiddlers > only for those that qualify at the current auth level, and "skinny" > tiddlers (just title/date, no content) for any tiddlers that are above the > current auth level. Alternatively, you could define several distinct sets > of tiddlers, stored in separate sub-folders, and then select which set(s) > to deliver based on auth level. > > enjoy, > -e > Eric Shulman > TiddlyTools / ELS Design Studios > > YOUR DONATIONS ARE VERY IMPORTANT! > HELP ME TO HELP YOU - MAKE A CONTRIBUTION TO MY "TIP JAR"... > http://TiddlyTools.github.com/fundraising.html#MakeADonation > > Professional TiddlyWiki Consulting Services... > Analysis, Design, and Custom Solutions: > http://www.TiddlyTools.com/#Contact > -- You received this message because you are subscribed to the Google Groups "TiddlyWikiDev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/tiddlywikidev. For more options, visit https://groups.google.com/d/optout.
