added access right control to wiki and changed access policy

- by default, only the admin is allowed to make changes to wiki pages
- the admin may allow changes to everybody

git-svn-id: https://svn.berlios.de/svnroot/repos/yacy/trunk@3019 6c8d7289-2bf4-0310-a012-ef5d649a1542
pull/1/head
orbiter 18 years ago
parent 86394e7a56
commit 816698ad21

@ -16,10 +16,10 @@
#[page]#
</div>
<p class="PostInfo">
last edited by #[author]# | change date #[date]# | <a href="Wiki.html?page=#[pagename]#&amp;edit=Edit">Edit</a>
last edited by #[author]# | change date #[date]# | <a href="Wiki.html?page=#[pagename]#&amp;edit=Edit">Edit</a> #(access)#(only granted to admin)::#(/access)#
</p>
</div>
<p class="Navigation"><a href="Wiki.html">Start Page</a> - <a href="Wiki.html?index=Index">Index</a></p>
<p class="Navigation"><a href="Wiki.html">Start Page</a> - <a href="Wiki.html?index=Index">Index</a> - #(access)#<a href="Wiki.html?access=all">Grant Write Access to Everybody</a>::<a href="Wiki.html?access=admin">Grant Write Access to Admin only</a>#(/access)#</p>
::
<!-- 1: edit -->
<form action="Wiki.html" method="post" enctype="multipart/form-data" accept-charset="UTF-8">

@ -81,6 +81,7 @@ public class Wiki {
post.put("page", "start");
}
String access = switchboard.getConfig("WikiAccess", "admin");
String pagename = post.get("page", "start");
String ip = post.get("CLIENTIP", "127.0.0.1");
String author = post.get("author", "anonymous");
@ -92,7 +93,28 @@ public class Wiki {
}
}
if (post.containsKey("access")) {
// only the administrator may change the access right
if (!switchboard.verifyAuthentication(header, true)) {
// check access right for admin
prop.put("AUTHENTICATE", "admin log-in"); // force log-in
return prop;
}
access = post.get("access", "admin");
switchboard.setConfig("WikiAccess", access);
}
if (access.equals("admin")) prop.put("mode_access", 0);
if (access.equals("all")) prop.put("mode_access", 1);
if (post.containsKey("submit")) {
if ((access.equals("admin") && (!switchboard.verifyAuthentication(header, true)))) {
// check access right for admin
prop.put("AUTHENTICATE", "admin log-in"); // force log-in
return prop;
}
// store a new page
byte[] content;
try {
@ -111,6 +133,12 @@ public class Wiki {
wikiBoard.entry page = switchboard.wikiDB.read(pagename);
if (post.containsKey("edit")) {
if ((access.equals("admin") && (!switchboard.verifyAuthentication(header, true)))) {
// check access right for admin
prop.put("AUTHENTICATE", "admin log-in"); // force log-in
return prop;
}
// edit the page
try {
prop.put("mode", 1); //edit

@ -846,3 +846,12 @@ showSurftipps = true
# http://localhost:8080/soap/test?wsdl
#
soap.serviceDeploymentList =
# Wiki access rights
# the built - in wiki system allowes by default only that the administration is allowed to make changes
# this can be changed. There are three options:
# admin - only the admin has write right
# all - everybody has write right
# user - the admin and every user registered in the user db has write right
WikiAccess = admin

Loading…
Cancel
Save