[Moin-user] Does this security setup sound good?
Kenneth McDonald
kenneth.m.mcdonald at sbcglobal.net
Tue Apr 25 11:54:05 EDT 2006
Thomas was right about my first message; I used a sloppy shorthand. Let
me try to be more succinct and accurate in the description of my setup:

1) "acl_before" grants all rights to our AdminGroup

2) "acl_default" grants read-only rights to all users.

3) The AdminTemplate uses "All: " to grant no writes to everyone.
Therefore, AdminGroup can access these pages via the rights in
"acl_before", but no one else can use them, not even see them.

4) The EditorsTemplate uses "EditorGroup:read,write,delete,revert
All:read" to allow editors to edit "official" pages, and everyone else
to read them.

5) The PublicTemplate uses "Known:read,write,delete,revert All:read"
to allow known users to edit public pages, and everyone to read them.

"acl_after" is currently blank.

This provides three levels of pages: admin, which are completely closed
off except to admin users; "official" documentation pages, which can be
edited by admin users and specified trusted editors, and read by
everyone; and "public" documentation pages, which can be edited by all
known users, and read by anyone.

So to return to the original question: can anyone suggest a better way to
set this up to achieve the same effect?

And, is there any way to disable the option that allows creation of a
completely blank page? I've gone through multiconfig.py, but my brain is
shrinking as I get older, and I can't hold all of the various options in
it at the same time :-(.

Many thanks,
Ken

Thomas Waldmann wrote:
>> 1) in acl_before, we have AdminGroup:everything...
>
> There is no "everything" acl.
>
>> 3) On admin pages, we have #acl All:None
>
> There is no "None" acl.
>
>> 4) On pages only editable by trusted editors, we have #acl
>> EditorGroup:read,write,delete,rename All:read
>
> There is no "rename" acl.
>
>> There are templates for AdminPageTemplate, TrustedEditorsTemplate,
>> KnownEditableTemplate, which contain the acls given above.
>
> Be aware that users with no "admin" right, can't establish or change
> ACLs.
>
> Maybe read HelpOnAccessControlLists again. And if you post stuff,
> please copy it 1:1 or it maybe won't help much.
>
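Added example (not part of the original thread and not MoinMoin's code): a simplified Python model of the evaluation order the message relies on, where the "before" entries are checked first, then the page's own ACL (or the default when the page has none), then "after", and the first entry that matches the user decides. The group members, the helper names and the choice to reject unknown right names such as "rename" are assumptions of this sketch; +/- modifiers are not modeled.

```python
# Simplified model of Moin-style ACL evaluation (added example, not MoinMoin code).
VALID_RIGHTS = {"read", "write", "delete", "revert", "admin"}

# Constructed sample data: group members and the settings from the message.
GROUPS = {"AdminGroup": {"alice"}, "EditorGroup": {"bob"}}
ACL_BEFORE = "AdminGroup:read,write,delete,revert,admin"
ACL_DEFAULT = "All:read"
ACL_AFTER = ""
ADMIN_PAGE = "All:"
EDITORS_PAGE = "EditorGroup:read,write,delete,revert All:read"
PUBLIC_PAGE = "Known:read,write,delete,revert All:read"


def parse(acl):
    """Turn 'Who:right,right Who2:right' into [(who, {rights}), ...]."""
    entries = []
    for token in acl.split():
        who, sep, rights = token.partition(":")
        if not sep:
            raise ValueError("missing ':' in ACL entry %r" % token)
        rights = {r for r in rights.split(",") if r}
        unknown = rights - VALID_RIGHTS
        if unknown:  # e.g. "rename", "None", "everything"
            raise ValueError("unknown right(s): %s" % ", ".join(sorted(unknown)))
        entries.append((who, rights))
    return entries


def matches(user, who):
    """user is a login name, or None for an anonymous visitor."""
    if who == "All":
        return True
    if who == "Known":
        return user is not None
    if who in GROUPS:
        return user in GROUPS[who]
    return user is not None and user == who


def may(user, right, page_acl=None):
    """before, then the page ACL (or default if the page has none), then after."""
    middle = ACL_DEFAULT if page_acl is None else page_acl
    for who, rights in parse(ACL_BEFORE) + parse(middle) + parse(ACL_AFTER):
        if matches(user, who):
            return right in rights  # first matching entry decides
    return False  # nothing matched: deny
```

Calling `may("bob", "admin", EDITORS_PAGE)` returns `False` in this model: an editor can change the page text but holds no "admin" right on it.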