[TW5] How to protect single tiddlers from editing by password

[Jonathan Haug]

Hi there again,

to take my last approach
(https://groups.google.com/forum/#!topic/tiddlywiki/v31xoiWUIjw) a step
further:

Imagine I have some tiddlers tagged with "locked", which should not be
edited.
Is there a way to secure editing with a password, so that one can see
the tiddler content without a password, but would need a password to
edit the tiddler?

(I'm aware of the "encrypt single tiddler plugin"
http://danielorodriguez.com/TW5-EncryptTiddlerPlugin/ but my users
should be able to read-only the tiddler without the password.)

Thanks in advance

Jonathan

[Danielo Rodríguez]

How are your users accessing the wiki? There are different levels of read only, but unless you are serving your wiki from a server it's more or less impossible to protect the wiki against reads. How would you protect a .txt file from edition for example?

[jonath...@wolke7.net]

Hi Danielo,

sure, there is no real protection, but I a have small userbase and I'm just trying to prevent accidential editing.
The wiki resides on a sharded folder in a windows network.

Do you mean, " There are different levels of read only" in your single tiddler encryption plugin?

-----Ursprüngliche Nachricht-----
Von: tiddl...@googlegroups.com [mailto:tiddl...@googlegroups.com] Im Auftrag von Danielo Rodríguez
Gesendet: Sonntag, 27. September 2015 17:05
An: TiddlyWiki <tiddl...@googlegroups.com>
Betreff: [tw] [TW5] How to protect single tiddlers from editing by password

How are your users accessing the wiki? There are different levels of read only, but unless you are serving your wiki from a server it's more or less impossible to protect the wiki against reads. How would you protect a .txt file from edition for example?

--
You received this message because you are subscribed to the Google Groups "TiddlyWiki" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tiddlywiki+...@googlegroups.com.
To post to this group, send email to tiddl...@googlegroups.com.
Visit this group at http://groups.google.com/group/tiddlywiki.
To view this discussion on the web visit https://groups.google.com/d/msgid/tiddlywiki/b6a50905-dd5c-4b4f-befa-f3e09df37558%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Tobias Beer]

Hi Jonathan,

 

sure, there is no real protection, but I a have small userbase and I'm just trying to prevent accidential editing.
The wiki resides on a sharded folder in a windows network.

Do you actually have any multi-user workflow in place at the moment? And if so, how does that work? If not, there isn't really any actual editing, or did you have that happen to you with people using TiddlyFox?

Perhaps it would be better to have / introduce some low-level authentication procedure for anything saving, e.g. some "enter some perhaps not so secret but still hidden password here in order to be able to actually save the wiki"... something that is cached as a temporary tiddler and needs to be entered whenever the wiki is opened anew.

Best wishes,

— tb

[Matabele]

Hi

Another suggestion -- if you were to pack the tiddlers requiring protection into a plugin (easily done with the Tinka plugin) -- they would become shadow tiddlers. This does not prevent editing of these tiddlers, but in the event of a mishap, the original may be restored easily by deleting the edited version.

Note: Before shadow tiddlers appear as ordinary content tiddlers, it is necessary to create a copy -- any trivial edit of the shadow tiddler will do the trick (even opening the shadow tiddler and saving will suffice, as this updates the modification fields.)

regards

[jonath...@wolke7.net]

Hi,

 

no, there isn’t any multi-user workflow.

Users are just accessing the html-file on a shared space.

 

I just want to have a pop-up saying „please enter password“ when someone tries to edit the tagged tiddlers.

How would I achieve that?

 

Matabele, putting them into a plugin sounds to complicated since from time to time there will new tiddlers get tagged with „locked“.

 

 

[Tobias Beer]

Hi again, Jonathan,

Here's one way to prevent saving changes...

1) Disable AutoSave in the ControlPanel under Settings. The most minimalistic version of the below would be to just remove the save button from the main PageControls, by removing the checkbox in the Tools tab in the sidebar. If that's fine with you, you can stop right here.

2) Edit the core shadow tiddler for the save wiki button, e.g. $:/core/ui/Buttons/save-wiki wrapping it in a RevealWidget:

<$reveal type="match" state="$:/_secret" text="my-secret">
<!-- THE CORE BUTTON CODE -->
</$reveal>

Now the save button should be gone from the page-controls.

3) Read States And Temporary Tiddlers @ tb5 and then add...

 -[[$:/_secret]]

...to the filter expression to make sure it never gets saved. I would also recommend modifying the filter to what you see on tb5 to not persist any temporary tiddlers or states of sidebar tabs, etc.

4) Create $:/_secret and enter the text my-secret.

Now the save button should be visible again... and you can click it to save the wiki.

5) To easily enter your password, create and permalink a tiddler called Login containing...

<$edit-text

tiddler="$:/_secret"

default=""

tag="input"

type="password"

placeholder="enter secret here..."/>

When you tag it $:/tags/ControlPanel it will show up as a Login tab in the ControlPanel.

~

As probably noticed, your "password" is entirely visible in plain text, so be aware that this should not be any fancy password but just a barrier to enable saving. Also, if anyone activated auto-save, they won't even need a save button to trigger saving changes. So, anyone playful enough or with malicious intent will be able to screw up your wiki. Hence, do frequent backups, e.g. after edits.

Best wishes,

–tb

[jonath...@wolke7.net]

Hi Tobias,

 

thanks for your detailed explanations. I do learn a lot in hacking tw5 by reading your comments.

 

But… with your approach I would allow editing – but prevent saving.

 

IMHO this is one step too late. Why would I allow editing a tiddler if i knew already that the user is not allow to save his editing?

 

Thus, once again my question:

How would I

·       allow a user to read a special tagged tiddler, but …

·       prevent him from editing this tiddler by …

·       asking for a password when he clicks the edit button, but still keep …

·       the normal behaviour with un-tagged tiddlers.

 

I’m looking for a behaviour just like the „Encrypt single tiddler“ plugin, with the only exception that one can read a „encrypted“ tiddler without a password – but have to enter the password to enable editing.

 

Hoping for help and thanks  again

 

Jonathan

[BJ]

One way would be to  overload the edit-text widget, The 'new' version would check for the tag on the to-be edited tiddler and ask for the password. - it would call the original edit-text widget for actual editing.

kind regards
BJ

[Tobias Beer]

Hi Jonathan,

 

·  allow a user to read a special tagged tiddler, but …
· prevent him from editing this tiddler by

This leads me to think that you do want people to edit your wiki. 

So, how do you manage that multi-user workflow?
Or asked differently, why allow to edit anything at all?

I’m looking for a behaviour just like the „Encrypt single tiddler“ plugin, with the only exception that one can read a „encrypted“ tiddler without a password – but have to enter the password to enable editing.

Interesting idea, but sounds like it needs core modifications,

to prevent people from editing ...through whichever means.

(There's more to it than just an edit button.)

Although, you can surely do the very same procedure

with the edit button in the tiddler toolbar.

Best wishes,

— tb

[Jonathan Haug]

Hi Tobias,

> Although, you can surely do the very same procedure

> <https://groups.google.com/d/msg/tiddlywiki/07WVZmjsopE/zWa7_aKZBAAJ>

> with the edit button in the tiddler toolbar.

cool thing, it just works!

I've created a tiddler called Login and put the input field in there
like you suggested. (No need to put it in the ControlPanel for me)

Then I edited the shadow tiddler $:/core/ui/Buttons/edit and added a
reveal widget, following your hints.

Pretty cool, all the edit buttons are gone -- and come back when I go
to the Login tiddler and enter my password.


BUT: I didn't want to remove *all* of the edit buttons.
Just from those tiddlers I tagged with "locked".
On all the other tiddlers (the "normal" ones) the edit buttons should
stay as always.


Maybe I'm just a last step before the goal.
Someone with a last hint for me?

Thanks in advance

Jonathan

[Tobias Beer]

Hi Jonathan,

 

Maybe I'm just a last step before the goal.
Someone with a last hint for me?

All you need is the list widget and a filter expression around the button that only shows it when the filter matches...

<$list filter="[all[current]<some-filter-condition-for-the-current-tiddler-for-when-to-show-the-button>]">
<!-- all the current code -->
</$list>

For example...

<$list filter="[all[current]!tag[locked]]">

<!-- only show when not tagged "locked" -->

</$list>

Best wishes,

— tb

[Jonathan Haug]

Hi Tobias,


> <$list filter="[all[current]!tagging[locked]]">

you mean "[all[current]!tag[locked]]" (tag, not tagging), right?

Beside of that: fabulous!

To become my personal hero: one more thing ...

When I have entered my password it becomes saved inside the wiki, when I
hit the save button (using tiddlyfox).
Next user opening the wiki gets write access cause the password is
already entered. not so perfect ...

How do i prevent my login tiddler of getting saved, so that the wiki
starts with an empty input field in the login tiddler, even if the
password was entered before the last saving?

Thanks!


Jonathan

[Tobias Beer]

Hi Jonathan,

you mean "[all[current]!tag[locked]]" (tag, not tagging), right?

That's right, using the tagging filter for that purpose only works like so...

<$list filter="[all[current]]-[tagging[locked]]">

<!-- only show when not tagged "locked" -->
</$list>

But it's not as efficient as using the tag filer, so... ;-)

How do i prevent my login tiddler of getting saved, so that the wiki
starts with an empty input field in the login tiddler, even if the
password was entered before the last saving?

Revisit 3) up above again...

Best wishes,

— tb 

[jonath...@wolke7.net]

Tobias,

 

thanks a lot, you’re great a help!

 

Jonathan

[Chris Fischer]

Following these steps causes Tiddly Desktop to save my single file wiki as 0kb

[TonyM]

Chris,

That sounds like you tried and save using the browser. Saving depends on your Operating system, browser and any addins and savers you are using. Perhaps raise this ina  new thread with more information so we can help you.

Tell your Operating system, browser and any addins and savers you are using, and hich steps you followed for what result, since in this thread I would have to read the series of posts to work out what you did.

The more you "spoon feed us" with Information, the quicker, easier and more comprehensive our answers.

Regards

Tony

[Birthe C]

Given your question contained a link from Tobias for creating a template for the $:/config/SaveWikiButton/Template.

I am sure you also read the warning in read : Caution: Defining the wrong save-filter may have you unknowingly lose data!

I hope you had a working backup!

Birthe

[Chris Fischer]

Thankfully, I'm editing with Tiddly Desktop which has lovely backup built-in.

[Birthe C]

Glad to hear you have a backup.

If you want help with the save-filter you used, I think you should upload a copy.

I agree Tiddlydesktop is great.

Birthe