Reader only role in a non public wiki

[ctrl....@gmail.com]

In a non public wiki: How to create users with read permissions but without edit permission?

[Chris Small]

Unfortunately it's not been implemented yet, it's editor or nothing.  You can lock pages down to admin only, that is about as close as it gets.

The permissions system is getting an overhaul for v3 but if you want to add a viewer role it would be fairly easy to do (as long as you skip the UI management in admin settings).

I would really like some feedback on the permissions system, as maybe just addinga viewer role would be enough and a whole new groups/users/roles would be over kill.

On Fri, Nov 20, 2015 at 8:21 AM, <ctrl....@gmail.com> wrote:

In a non public wiki: How to create users with read permissions but without edit permission?

--
You received this message because you are subscribed to the Google Groups "Roadkill Wiki" group.
To unsubscribe from this group and stop receiving emails from it, send an email to roadkillwiki...@googlegroups.com.
To post to this group, send email to roadki...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/roadkillwiki/d98ed8e3-e28a-4f65-a9c3-7095a3889e3b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[will...@yahoo.com]

Hi Chris!  Im new to Roadkill and trying to set up this Read-Only user (or better yet, make editor's read-only).  I seen in a couple places you mention that it's not that hard to implement but I am having trouble getting started, knowing where to look.  I've had two fairly daunting thoughts: 1.  step through and change any isEditor checks to isAdmin... or auto-locking pages on creation.  Ideally though we'd like to have a view only state, no creating or editing.  Any advice would be greatly appreciated.  

[Chris S.]

Hello Will,

If I've understood correctly you want to:

• Everyone needs to login first, but they shouldn't all be editors.
  
• The admin role would be the people who can edit.
  

#2 does rely on trusting people who can edit not to destroy the instance but would be far simpler to get up and running.

#1 would be involve the the EditorRequiredAttribute and the AuthorizationProvider class. The way it works is:

1. You go to edit or create a new page with an MVC Action
2. The MVC action is decorated with EditorRequiredAttribute
3. The attribute uses an AuthorizationProvider that is injected into it by the IoC container (Structuremap) and checks if you're an editor, or an admin

So I think the easiest solution would be to fork Roadkill (make sure you use v2.0 tag, master isn't version 2.0) write your own IAuthorizationProvider, and then set that as the default:

https://github.com/roadkillwiki/roadkill/blob/v2.0/src/Roadkill.Core/DI/DependencyManager.cs#162 (change to x.For<IAuthorizationProvider>().Use<MyNewAuthorizationProvider>();)

The default implementation is this one: https://github.com/roadkillwiki/roadkill/blob/v2.0/src/Roadkill.Core/Security/AuthorizationProvider.cs 

The attribute is this: https://github.com/roadkillwiki/roadkill/blob/v2.0/src/Roadkill.Core/Mvc/Attributes/EditorRequiredAttribute.cs

IAuthorizationProvider is just a role-checker, but follows the naming convention Microsoft use for their roles-system (authorization isn't the same as authentication). You could create some new attributes by copying and pasting the EditorRequiredAttribute if you wanted to create new roles, just bare in mind the next version of Roadkill that I'm aiming to release next year might make upgrading a lot of hard work for you.

Hope that helps,

Chris

[Will Sandalls]

Thanks for responding!

As it currently stands, we only need two roles: a read only role and a role that can creat and edit.  Since the latter can mingle with admin privileges, the simplest solution ended up being to change all the authorization attributes from require editor to require admin and anything set to optional authorization to require editor.

The content for the pages is intended to be locked down and distributed for educational purposes.  So we need to keep the bulk of the readership from changing the materials. If there ever becomes a need to work in a third role (and there might) I'll certainly appreciate the guidance. But given the next versions impeding releasing, I think this the path of least maintenance that effs us the least in terms of future upgrades.

Thanks again!

Will Sandalls

--
You received this message because you are subscribed to a topic in the Google Groups "Roadkill Wiki" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/roadkillwiki/VJ_mTHbfe_U/unsubscribe.
To unsubscribe from this group and all its topics, send an email to roadkillwiki...@googlegroups.com.

To post to this group, send email to roadki...@googlegroups.com.

To view this discussion on the web, visit https://groups.google.com/d/msgid/roadkillwiki/9bc2af22-e9d2-40e1-9217-d082fa9c6fc7%40googlegroups.com.