ACL filter


ACL filter

by Weijian Fang-2


Hi,

We plan to use ACL to control page access. E.g., the following ACLs
say only members of staff group can view and edit the page:
[{ALLOW edit StaffGroup}], where StaffGroup is a wiki group defined to
include all members of staff.

This is convenient but causes a problem: any member of staff can edit
this ACL (say, by mistake) to break the access control policy.
Ideally, we want that any member of staff can edit this page, but
only some people with a special role can edit the ACL inside the page.

I don't know whether this is possible in JSPWiki 2.6.2 or by some
contributed plugin/filter. (If you know, please tell me! thanks!) So I
propose using a filter to implement this:

In the preSave method, if the current editor has the special role that
allows him to handle ACL, the to-be-saved content is saved directly.
Otherwise, any ACL in the to-be-saved content is ignored, and the
current (official) ACLs are read from the current version of the page
and appended to the to-be-saved content, before it is saved.

Has this been done before? Any suggestions or alternatives? Many thanks!

Cheers,

Weijian


Re: ACL filter

by Murray Altheim-3


Weijian Fang wrote:

> Hi,
>
> We plan to use ACL to control page access. E.g., the following ACLs
> say only members of staff group can view and edit the page:
> [{ALLOW edit StaffGroup}], where StaffGroup is a wiki group defined to
> include all members of staff.
>
> This is convenient but causes a problem: any member of staff can edit
> this ACL (say, by mistake) to break the access control policy.
> Ideally, we want that any member of staff can edit this page, but
> only some people with a special role can edit the ACL inside the page.
>
> I don't know whether this is possible in JSPWiki 2.6.2 or by some
> contributed plugin/filter. (If you know, please tell me! thanks!) So I
> propose using a filter to implement this:
>
> In the preSave method, if the current editor has the special role that
> allows him to handle ACL, the to-be-saved content is saved directly.
> Otherwise, any ACL in the to-be-saved content is ignored, and the
> current (official) ACLs are read from the current version of the page
> and appended to the to-be-saved content, before it is saved.

Hi Weijian,

I don't know if it's been done before but this sounds like a good place
to invest in some time developing a JSP for this purpose. You could use
a menu and/or other features to limit what any given user is permitted
to enter into the form or show them the permitted values. Having a bit
more code behind any complicated feature can of course add its own
issues but when security is involved this might be justified.

If you've never written a JSP before take a peek at some of those in
JSPWiki, as it might be easier than trying to accomplish this via a
plugin, particularly if you're trying to do some form entry. Plugins can
also be abused or instantiated in the wrong place, or more than once on
a page, whereas a JSP is pretty safe in that regard.

Hope this is helpful.

Murray

...........................................................................
Murray Altheim <murray07 at altheim.com>                           ===  = =
http://www.altheim.com/murray/                                     = =  ===
SGML Grease Monkey, Banjo Player, Wantanabe Zen Monk               = =  = =

       Boundless wind and moon - the eye within eyes,
       Inexhaustible heaven and earth - the light beyond light,
       The willow dark, the flower bright - ten thousand houses,
       Knock at any door - there's one who will respond.
                                       -- The Blue Cliff Record

Re: ACL filter

by Janne Jalkanen


> This is convenient but causes a problem: any member of staff can edit
> this ACL (say, by mistake) to break the access control policy.

That isn't necessarily a bad thing - wikis are based largely on trust.

> In the preSave method, if the current editor has the special role that
> allows him to handle ACL, the to-be-saved content is saved directly.
> Otherwise, any ACL in the to-be-saved content is ignored, and the
> current (official) ACLs are read from the current version of the page
> and appended to the to-be-saved content, before it is saved.

This should work.  It's probably easier to simply reject edits which are
trying to mess your ACLs; then you don't have to parse/fix things too much.

/Janne

Re: ACL filter

by Weijian Fang-2


2008/6/11 Janne Jalkanen <Janne.Jalkanen@...>:

>> This is convenient but causes a problem: any member of staff can edit
>> this ACL (say, by mistake) to break the access control policy.
>
> That isn't necessarily a bad thing - wikis are based largely on trust.
>
>> In the preSave method, if the current editor has the special role that
>> allows him to handle ACL, the to-be-saved content is saved directly.
>> Otherwise, any ACL in the to-be-saved content is ignored, and the
>> current (official) ACLs are read from the current version of the page
>> and appended to the to-be-saved content, before it is saved.
>
> This should work.  It's probably easier to simply reject edits which are
> trying to mess your ACLs; then you don't have to parse/fix things too much.
>
How to reject edits in the preSave method?

Cheers,

Weijian


> /Janne
>

Re: ACL filter

by Janne Jalkanen


>> This should work.  It's probably easier to simply reject edits which are
>> trying to mess your ACLs; then you don't have to parse/fix things too much.
>>
> How to reject edits in the preSave method?

Throw a RedirectException().  Check out the SpamFilter for an example.

/Janne
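The two behaviours discussed in this thread, Weijian's proposal (editors without the special role get the page's stored ACL re-applied on save) and Janne's alternative (reject the edit outright, which in a JSPWiki filter would mean throwing a RedirectException from preSave), modelled as a stand-alone Python example. This is added illustrative code, not the ACLFilter later published on jspwiki.org nor any JSPWiki code; the ACL markup regex, the EditRejected class, the policy names and the sample page texts are assumptions made here, and it works on plain strings rather than JSPWiki's WikiContext/WikiEngine objects.

```python
import re

# Matches JSPWiki access-rule markup such as [{ALLOW edit StaffGroup}] or
# [{ALLOW view Alice, Bob}]. Assumption made here: rules only appear in this
# form; a real filter would reuse the wiki's own ACL parser instead.
ACL_RULE = re.compile(r"\[\{\s*ALLOW\s+(\w+)\s+([^}]*?)\s*\}\]", re.IGNORECASE)


class EditRejected(Exception):
    """Stands in for JSPWiki's RedirectException: the save is abandoned and
    the editor is sent back with a message."""


def extract_acls(text):
    """Return the ACL rules found in page text, normalised so that spacing
    and letter case do not make two equivalent rules look different."""
    rules = []
    for m in ACL_RULE.finditer(text):
        permission = m.group(1).lower()
        principals = [p.strip() for p in m.group(2).split(",") if p.strip()]
        rules.append("[{ALLOW %s %s}]" % (permission, ", ".join(principals)))
    return rules


def strip_acls(text):
    """Remove every ACL rule; drop lines that held nothing but ACL markup."""
    kept = []
    for line in text.splitlines():
        if ACL_RULE.search(line):
            line = ACL_RULE.sub("", line)
            if not line.strip():
                continue
        kept.append(line)
    return "\n".join(kept)


def pre_save(current_text, new_text, editor_may_edit_acl, policy="preserve"):
    """Filter the content that is about to be saved.

    current_text        text of the version already stored (the official ACL)
    new_text            text submitted by the editor
    editor_may_edit_acl True when the editor holds the special ACL role
    policy              "preserve": keep the official ACL (the proposal)
                        "reject":   abort edits that change the ACL (Janne)
    Returns the text to store, or raises EditRejected.
    """
    if editor_may_edit_acl:
        return new_text  # trusted role: save exactly what was submitted
    official = extract_acls(current_text)
    submitted = extract_acls(new_text)
    if sorted(submitted) == sorted(official):
        return new_text  # ACL untouched, nothing to fix
    if policy == "reject":
        raise EditRejected("only ACL administrators may change access rules")
    # "preserve": ignore whatever ACL the editor wrote (including deleting it
    # by mistake) and append the official rules from the stored version.
    body = strip_acls(new_text)
    if not official:
        return body  # page had no ACL, so none may be introduced
    return body.rstrip("\n") + "\n" + "\n".join(official) + "\n"


# Constructed sample page texts (not from the thread).
CURRENT_PAGE = (
    "!Staff handbook\n"
    "[{ALLOW view StaffGroup}]\n"
    "[{ALLOW edit StaffGroup}]\n"
    "\n"
    "Internal notes.\n"
)
# A staff member's edit that (accidentally or not) opens the page to everyone.
SUBMITTED_PAGE = (
    "!Staff handbook\n"
    "[{ALLOW edit All}]\n"
    "\n"
    "Internal notes, updated.\n"
)

if __name__ == "__main__":
    print(pre_save(CURRENT_PAGE, SUBMITTED_PAGE, editor_may_edit_acl=False))
    try:
        pre_save(CURRENT_PAGE, SUBMITTED_PAGE, False, policy="reject")
    except EditRejected as e:
        print("rejected:", e)
```

The comparison is done on normalised rules, so an editor who merely reorders or re-spaces the existing ACL lines is not rejected; only a change in permissions or principals triggers the filter. Note that the stored version, not the submitted one, is the source of truth, which is what makes the mistaken-deletion case safe.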

Re: ACL filter

by Weijian Fang-2


Janne,

Thank you very much!

Cheers,

Weijian


2008/6/11 Janne Jalkanen <Janne.Jalkanen@...>:

>>> This should work.  It's probably easier to simply reject edits which are
>>> trying to mess your ACLs; then you don't have to parse/fix things too
>>> much.
>>>
>> How to reject edits in the preSave method?
>
> Throw a RedirectException().  Check out the SpamFilter for an example.
>
> /Janne
>

Re: ACL filter

by Weijian Fang-2


An ACL filter is implemented and tested on JSPWiki 2.6.2, see
http://www.jspwiki.org/wiki/ACLFilter. Thanks!

Cheers,

Weijian


2008/6/11 Weijian Fang <wf@...>:

> Janne,
>
> Thank you very much!
>
> Cheers,
>
> Weijian
>
>
> 2008/6/11 Janne Jalkanen <Janne.Jalkanen@...>:
>>>> This should work.  It's probably easier to simply reject edits which are
>>>> trying to mess your ACLs; then you don't have to parse/fix things too
>>>> much.
>>>>
>>> How to reject edits in the preSave method?
>>
>> Throw a RedirectException().  Check out the SpamFilter for an example.
>>
>> /Janne
>>
>

Re: ACL filter

by Janne Jalkanen

Awesome, thanks!

/Janne

On Jun 26, 2008, at 18:05 , Weijian Fang wrote:

> An ACL filter is implemented and tested on JSPWiki 2.6.2, see
> http://www.jspwiki.org/wiki/ACLFilter. Thanks!
>
> Cheers,
>
> Weijian
>
>
> 2008/6/11 Weijian Fang <wf@...>:
>> Janne,
>>
>> Thank you very much!
>>
>> Cheers,
>>
>> Weijian
>>
>>
>> 2008/6/11 Janne Jalkanen <Janne.Jalkanen@...>:
>>>>> This should work.  It's probably easier to simply reject edits which are
>>>>> trying to mess your ACLs; then you don't have to parse/fix things too
>>>>> much.
>>>>>
>>>> How to reject edits in the preSave method?
>>>
>>> Throw a RedirectException().  Check out the SpamFilter for an example.
>>>
>>> /Janne
>>>
>>


Re: ACL filter

by Terry Steichen


Very nicely done.  Clever approach and clean implementation.

On Thu, 2008-06-26 at 16:05 +0100, Weijian Fang wrote:

> An ACL filter is implemented and tested on JSPWiki 2.6.2, see
> http://www.jspwiki.org/wiki/ACLFilter. Thanks!
>
> Cheers,
>
> Weijian
>
>
> 2008/6/11 Weijian Fang <wf@...>:
> > Janne,
> >
> > Thank you very much!
> >
> > Cheers,
> >
> > Weijian
> >
> >
> > 2008/6/11 Janne Jalkanen <Janne.Jalkanen@...>:
> >>>> This should work.  It's probably easier to simply reject edits which are
> >>>> trying to mess your ACLs; then you don't have to parse/fix things too
> >>>> much.
> >>>>
> >>> How to reject edits in the preSave method?
> >>
> >> Throw a RedirectException().  Check out the SpamFilter for an example.
> >>
> >> /Janne
> >>
> >