Forum OpenACS Q&A: Re: xowiki permission problem

Collapse
Posted by Claudio Pasolini on
I tracked down the problem fixing the proc ConnectionContext into the file tcl/context-procs.tcl of xotcl-core.

If the user_id of the connection was 0 (i.e. not logged in), the proc invoked the registration page via auth::require_login. I forced instead party_id to -1 (The public) so giving to all subsequent permission checks a valid party_id and requiring login only when necessary.

Collapse
Posted by Gustaf Neumann on
Claudio,

yes, you are correct, anonymous viewing was not possible with the initial release of xowiki 0.36. i have committed a small patch to fix this problem. It contains two parts: changing the permissions for "view" in policy1 to "none" (see xowiki/tcl/package-procs.tcl) and pass the actual user-id from the view-page to the conditional links (such that the permission checking for the conditional links does not force the login).

After a cvs update, two settings are required for anonymous viewing:

  • give "the public" read permissions for the package ("permissions" link on admin page), if applicable, for the subsite as well. and
  • use policy1 as security policy ("parameters" on the admin page, policy1 is the default).

For your setup, just the update should be enough.