This question about This website: Answered
Custom Permission Settings and IF access conditions
RenderSimpleTopicCreator does start with the line:
%IF{"'%BASEWEB%.%BASETOPIC%' allows 'CREATE'" ...
Examples in System.IfStatements#Access_permissions do not show create as an option. I cannot find an exhaustive list of valid options in the documentation. The code has comments stating:
* =$mode= - 'VIEW', 'CHANGE', 'CREATE', etc. (defaults to VIEW)
but I cannot locate a place where these are allocated. Nor can I find an expansion on the etc...
I have created an example in BvOTestIF. It does the right thing for CHANGE. But it does not do the right thing for CREATE. What am I missing?
--
BramVanOosterhout - 30 Apr 2020
TopicTypes in WikiWorkbenchContrib when deployed with a TopicStub allow you to define a separate ACL CREATE to control who is allowed to create topics of that kind. This is mostly used in the TopicCreator UI and RenderSimpleTopicCreator.
--
MichaelDaum - 30 Apr 2020
Basically you can create any sort of ACL list by yourself:
* Set ALLOWTOPICBOTCH = BramVanOosterhout
Results: you are NOT allowed to botch this topic. go away.
--
MichaelDaum - 30 Apr 2020
Apologies for my half question. I got interrupted. And thanks for your prompt note.
Where can I find some detail on how to define this separate ACL?
I tried the Permissions tab, but that inserted the following preferences. Not CREATE.
--
BramVanOosterhout - 30 Apr 2020
The next version of NatSkin will have a third section for those topics.
--
MichaelDaum - 30 Apr 2020
I was curious about what Michael suggested above so did some testing myself. I confirmed it does work exactly as Michael described, however this operates outside the standard Foswiki permissions, so you can't use that permissions tab UI to do this. If you define some arbitrary permission setting such as Michael did above (e.g. ALLOWTOPICBOTCH), IF will test against that permission (e.g. allows 'BOTCH'). Keep in mind that you can't test this behavior if you are in AdminGroup since permissions are not evaluated at all for this group. So in Michael's example above, it should display that you can not botch this topic (assuming you are neither BramVanOosterhout nor a member of AdminGroup).
Back to RenderSimpleTopicCreator, you can simply set a permission ALLOWTOPICCREATE to some individual or group (using the standard syntax of defining a preference and as illustrated in Michael's example above), and the form for creating new topics will be visible to that individual or group.
It is an interesting new wrinkle (to me at least) that one can define a custom permission definition and use IF macro to test against it. I'm sure I'll find some novel uses for this feature!
--
LynnwoodBrown - 30 Apr 2020
Thanks Michael and Lynnwood,
Reading AccessControl again, I can see that the custom ACLs are hinted at. And to summarise:
- VIEW, CHANGE and RENAME will directly affect Foswiki topic access when set
- HISTORY and RAW will affect Foswiki topic access if enabled in configure
- XXX will not affect Foswiki access, unless implemented by an extension developer. For instance COMMENT as documented in CommentPlugin#Custom_access_controls
And IF allows supports the testing for arbitrary user defined modes. Magic!
In all cases, if the ACL is not defined or empty, it has no effect and IF allows tests true.
Thanks for the clarification.
--
BramVanOosterhout - 01 May 2020
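
An added example, not part of the thread and not Foswiki code: a small audit that lists every mode a topic tests with `allows` and flags the ones that have no non-empty ALLOWTOPIC setting, since the thread concludes that such a test passes for everyone. It assumes the settings live in the same topic text (web-level preferences and the topic named in the condition are not resolved), and the sample topic and its PUBLISH mode are constructed.

```python
import re

# Modes the thread says Foswiki enforces directly when set; any other mode
# is only as strong as the IF test (or extension) that checks it.
CORE_MODES = {"VIEW", "CHANGE", "RENAME"}

# Preference bullet: indentation of three spaces (or tabs), "* Set NAME = value".
SET_RE = re.compile(
    r"^(?:\t| {3})+\*\s+Set\s+ALLOWTOPIC([A-Z]+)\s*=[ \t]*(.*)$", re.M)
# Access test inside an IF condition: ... allows 'MODE'
ALLOWS_RE = re.compile(r"\ballows\s+'([A-Z]+)'")


def audit_topic(text):
    """Return {mode: finding} for every mode tested with "allows" in text."""
    acls = {m.group(1): m.group(2).strip() for m in SET_RE.finditer(text)}
    findings = {}
    for mode in sorted(set(ALLOWS_RE.findall(text))):
        if not acls.get(mode):
            # Undefined or empty ACL: per the thread, the IF test is true.
            findings[mode] = "open: no non-empty ALLOWTOPIC%s" % mode
        elif mode in CORE_MODES:
            findings[mode] = "restricted: enforced by core"
        else:
            findings[mode] = "restricted: enforced only where IF tests it"
    return findings


# Constructed sample topic text (not taken from the site).
SAMPLE_TOPIC = """\
   * Set ALLOWTOPICBOTCH = BramVanOosterhout
   * Set ALLOWTOPICCREATE =

%IF{"'%BASEWEB%.%BASETOPIC%' allows 'BOTCH'" then="botch form" else="go away"}%
%IF{"'%BASEWEB%.%BASETOPIC%' allows 'CREATE'" then="create form" else="hidden"}%
%IF{"'%BASEWEB%.%BASETOPIC%' allows 'PUBLISH'" then="publish button"}%
"""

if __name__ == "__main__":
    for mode, finding in audit_topic(SAMPLE_TOPIC).items():
        print(mode, "->", finding)
```

An "open" finding for a custom mode means the guarded form or button is shown to every user, so a mistyped or emptied setting removes the restriction without any error.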