mirror of
https://github.com/yacy/yacy_search_server.git
synced 2024-09-19 00:01:41 +02:00
added access right control to wiki and changed access policy
- by default, only the admin is allowed to make changes to wiki pages - the admin may allow changes to everybody git-svn-id: https://svn.berlios.de/svnroot/repos/yacy/trunk@3019 6c8d7289-2bf4-0310-a012-ef5d649a1542
This commit is contained in:
parent
86394e7a56
commit
816698ad21
|
@ -16,10 +16,10 @@
|
|||
#[page]#
|
||||
</div>
|
||||
<p class="PostInfo">
|
||||
last edited by #[author]# | change date #[date]# | <a href="Wiki.html?page=#[pagename]#&edit=Edit">Edit</a>
|
||||
last edited by #[author]# | change date #[date]# | <a href="Wiki.html?page=#[pagename]#&edit=Edit">Edit</a> #(access)#(only granted to admin)::#(/access)#
|
||||
</p>
|
||||
</div>
|
||||
<p class="Navigation"><a href="Wiki.html">Start Page</a> - <a href="Wiki.html?index=Index">Index</a></p>
|
||||
<p class="Navigation"><a href="Wiki.html">Start Page</a> - <a href="Wiki.html?index=Index">Index</a> - #(access)#<a href="Wiki.html?access=all">Grant Write Access to Everybody</a>::<a href="Wiki.html?access=admin">Grant Write Access to Admin only</a>#(/access)#</p>
|
||||
::
|
||||
<!-- 1: edit -->
|
||||
<form action="Wiki.html" method="post" enctype="multipart/form-data" accept-charset="UTF-8">
|
||||
|
|
|
@ -81,6 +81,7 @@ public class Wiki {
|
|||
post.put("page", "start");
|
||||
}
|
||||
|
||||
String access = switchboard.getConfig("WikiAccess", "admin");
|
||||
String pagename = post.get("page", "start");
|
||||
String ip = post.get("CLIENTIP", "127.0.0.1");
|
||||
String author = post.get("author", "anonymous");
|
||||
|
@ -91,8 +92,29 @@ public class Wiki {
|
|||
else author = de.anomic.yacy.yacyCore.seedDB.mySeed.get("Name", "anonymous");
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
if (post.containsKey("access")) {
|
||||
// only the administrator may change the access right
|
||||
if (!switchboard.verifyAuthentication(header, true)) {
|
||||
// check access right for admin
|
||||
prop.put("AUTHENTICATE", "admin log-in"); // force log-in
|
||||
return prop;
|
||||
}
|
||||
|
||||
access = post.get("access", "admin");
|
||||
switchboard.setConfig("WikiAccess", access);
|
||||
}
|
||||
if (access.equals("admin")) prop.put("mode_access", 0);
|
||||
if (access.equals("all")) prop.put("mode_access", 1);
|
||||
|
||||
if (post.containsKey("submit")) {
|
||||
|
||||
if ((access.equals("admin") && (!switchboard.verifyAuthentication(header, true)))) {
|
||||
// check access right for admin
|
||||
prop.put("AUTHENTICATE", "admin log-in"); // force log-in
|
||||
return prop;
|
||||
}
|
||||
|
||||
// store a new page
|
||||
byte[] content;
|
||||
try {
|
||||
|
@ -111,6 +133,12 @@ public class Wiki {
|
|||
wikiBoard.entry page = switchboard.wikiDB.read(pagename);
|
||||
|
||||
if (post.containsKey("edit")) {
|
||||
if ((access.equals("admin") && (!switchboard.verifyAuthentication(header, true)))) {
|
||||
// check access right for admin
|
||||
prop.put("AUTHENTICATE", "admin log-in"); // force log-in
|
||||
return prop;
|
||||
}
|
||||
|
||||
// edit the page
|
||||
try {
|
||||
prop.put("mode", 1); //edit
|
||||
|
|
|
@ -846,3 +846,12 @@ showSurftipps = true
|
|||
# http://localhost:8080/soap/test?wsdl
|
||||
#
|
||||
soap.serviceDeploymentList =
|
||||
|
||||
|
||||
# Wiki access rights
|
||||
# the built - in wiki system allowes by default only that the administration is allowed to make changes
|
||||
# this can be changed. There are three options:
|
||||
# admin - only the admin has write right
|
||||
# all - everybody has write right
|
||||
# user - the admin and every user registered in the user db has write right
|
||||
WikiAccess = admin
|
||||
|
|
Loading…
Reference in New Issue
Block a user