Forum OpenACS Q&A: Re: xowiki permission problem

2: Re: xowiki permission problem (response to 1)

Posted by Claudio Pasolini on 09/03/06 09:07 AM

I tracked down the problem fixing the proc ConnectionContext into the file tcl/context-procs.tcl of xotcl-core.

If the user_id of the connection was 0 (i.e. not logged in), the proc invoked the registration page via auth::require_login. I forced instead party_id to -1 (The public) so giving to all subsequent permission checks a valid party_id and requiring login only when necessary.

3: Re: xowiki permission problem (response to 2)

Posted by Gustaf Neumann on 09/04/06 01:23 AM

Claudio,

yes, you are correct, anonymous viewing was not possible with the initial release of xowiki 0.36. i have committed a small patch to fix this problem. It contains two parts: changing the permissions for "view" in policy1 to "none" (see xowiki/tcl/package-procs.tcl) and pass the actual user-id from the view-page to the conditional links (such that the permission checking for the conditional links does not force the login).

After a cvs update, two settings are required for anonymous viewing:

give "the public" read permissions for the package ("permissions" link on admin page), if applicable, for the subsite as well. and
use policy1 as security policy ("parameters" on the admin page, policy1 is the default).

For your setup, just the update should be enough.