mirror of
https://github.com/Jermolene/TiddlyWiki5
synced 2024-12-28 11:00:27 +00:00
d6d2bc455c
* removed illegal cahracter in filename
* fixes required plugin options & updates docs
* Update dev docs
* call self.displayError
* Revert "call self.displayError"
This reverts commit 5d599aa979
.
* adds path based auth (backwards compatible)
* refactor per-route auth
* get status bug
* server options
* server options
* server options, new 'server-settings' param
* reflow
* fix boot.origin
* refactor new parameters
* restore sitetitle as servername option
* Soft reset to master
* docs update
* tweak wording
* docs
* cleanup
* remove literal string
* cleanup docs
* formatting
* Remove per-path auth
* revert get-status
* fold in PR 5538
* remove server-options
* remove doc
* required-plugins a server-parameter, not option
54 lines
2.6 KiB
Plaintext
54 lines
2.6 KiB
Plaintext
created: 20180630194006239
|
|
modified: 20211122004159427
|
|
tags: WebServer
|
|
title: WebServer Authorization
|
|
type: text/vnd.tiddlywiki
|
|
|
|
''Authorization'' is the process of determining which resources may be accessed by a particular user. It occurs after [[authentication|WebServer Authentication]] has determined the identity of the user. TiddlyWiki's WebServer implements a simple authorization scheme which permits independent control of who has administrator access to the server, and read and write access to a wiki.
|
|
|
|
The WebServer parameters [[admin|WebServer Parameter: admin]], [[readers|WebServer Parameter: readers]] and [[writers|WebServer Parameter: writers]] each contain a comma separated list of //principals// (which is to say, either usernames or certain special tokens) which should have read or write access respectively.
|
|
|
|
The available special tokens are:
|
|
|
|
* ''(anon)'' - indicates all anonymous users
|
|
* ''(authenticated)'' - indicates all authenticated users
|
|
|
|
!! Admin Functions
|
|
|
|
<<.tip"""The ''(anon)'' token is not valid for the [[admin|WebServer Parameter: admin]] parameter.""">>
|
|
|
|
At this time, no server functions are restricted to ''admin'' authorized users in the unmodified [[Tiddlywiki server|WebServer]]. Third party plugins can leverage this to restrict routes or commands to a subset of authorized users.
|
|
|
|
!! Read-only Mode
|
|
|
|
Read-only mode is engaged when the current user is not authorized to write to the current wiki.
|
|
|
|
User interface features concerned with creating or editing content are disabled in read-only mode:
|
|
|
|
* ''clone'', ''delete'', ''new-here'' and ''new-journal-here'' tiddler toolbar buttons
|
|
* ''import'', ''manager'', ''new-tiddler'' ''new-image'' and ''new-journal'' page control buttons
|
|
|
|
The tiddler $:/status/IsReadOnly is set to `yes` when read-only mode is engaged.
|
|
|
|
!! Examples
|
|
|
|
These example use the [[credentials|WebServer Parameter: credentials]] parameter to specify the location of a file containing usernames and passwords.
|
|
|
|
In the first example, read access is permitted for the users "joe" and "mary", with write access restricted to "mary":
|
|
|
|
```
|
|
tiddlywiki mywikifolder --listen credentials=myusers.csv readers=joe,mary writers=mary
|
|
```
|
|
|
|
In the following example, read access is granted to all authenticated users, but only "mary" is granted write access:
|
|
|
|
```
|
|
tiddlywiki mywikifolder --listen credentials=myusers.csv "readers=(authenticated)" writers=mary
|
|
```
|
|
|
|
In the following example, read and write access is granted to all authenticated users, but only "mary" is granted admin access:
|
|
|
|
```
|
|
tiddlywiki mywikifolder --listen credentials=myusers.csv "readers=(authenticated)" "writers=(authenticated)" admin=mary
|
|
```
|