From: Jim Wight <j.wight@nc...> - 2008-10-14 10:33:01
I have been asked to create private wiki space for each of a number of
groups. I could obviously use one wiki per group, but I thought I would
try using hierarchical ACLs to restrict each group to a subtree of pages
in the same wiki. For testing (with 1.7.2), I have these wikiconfig.py
acl_hierarchic = True
acl_rights_before = u"adminuser:read,write,delete,revert,admin"
acl_rights_default = u"All:read"
auth = [HTTPAuth()]
show_login = 0
user_autocreate = True
plus the following pages
#acl Team1Group:read,write,delete,revert All:
I have the following problem: if someuser creates a new page under Team1
the page gets created - I can see it if logged in as adminuser - but if
someuser clicks the 'Clear message' link after Save Changes, the display
jumps to the page for creating a new empty page again. In fact, someuser
is unable to view the page at all - attempts result in the page for
creating a new empty page being displayed. But if adminuser creates a
page under Team1, someuser can display it.
Does this indicate a bug in the handling of hierarchical ACLs, or do I
From: Jim Wight <j.wight@nc...> - 2008-10-20 14:04:11
On Sun, 2008-10-19 at 08:01 -0700, Thomas Waldmann wrote:
> > acl_hierarchic = True
> > acl_rights_before = u"adminuser:read,write,delete,revert,admin"
> > acl_rights_default = u"All:read"
> > auth = [HTTPAuth()]
> > show_login = 0
> > user_autocreate = True
> Looks all ok (for 1.7.x).
> > Team1Group
> > ==========
> > * someuser
> Please check if SystemAdmin page's user browser shows the group
> membership correctly.
> If it does not, check your page_group_regex setting and please read
> docs/CHANGES about required changes for page_*_regex settings.
The problem I was having had nothing to do with ACLs. I was able to
reproduce it with a single user and no ACLs whenever I gave the user
I was using 2 invocations of SeaMonkey for 2 user sessions. Since
switching to one of Firefox and one of IE everything is working as
expected. I have no idea how the browser is implicated - something to
investigate later, possibly when I have a clean machine to start from.