Tags:
create new tag
view all tags

Question

Hello,

Is it possible to restrict users to create new topics within a web (or subtopics for a given topic), while allowing them to edit existing ones? Something like: I want authenticated users to edit all existing topics below TopicA, but I do not want them to create any new subtopic for TopicA ? In my understanding, preventing users to create new topics can be done by adding them to DENYWEBCHANGE, but this will also prevent them to edit existing topics, which is not what I intend.

Environment

TWiki version: TWikiRelease04x01x00
TWiki plugins: DefaultPlugin, EmptyPlugin, InterwikiPlugin
Server OS: Linux
Web server: Apache
Perl version: 5.8.5
Client OS: Linux
Web Browser: Firefox
Categories: Permissions

-- AndreiDumitrescu - 20 Feb 2008

Answer

ALERT! If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.

I got this from the TWikiAccessControl topic:

Controlling access to a Topic

  • You can define these settings in any topic, preferable towards the end of the topic:
    • Set DENYTOPICVIEW = < comma-delimited list of Users and Groups >
    • Set ALLOWTOPICVIEW = < comma-delimited list of Users and Groups >
    • Set DENYTOPICCHANGE = < comma-delimited list of Users and Groups >
    • Set ALLOWTOPICCHANGE = < comma-delimited list of Users and Groups >
    • Set DENYTOPICRENAME = < comma-delimited list of Users and Groups >
    • Set ALLOWTOPICRENAME = < comma-delimited list of Users and Groups >

Remember when opening up access to specific topics within a restricted web that other topics in the web - for example, the WebLeftBar - may also be accessed when viewing the topics. The message you get when you are denied access should tell you what topic you were not permitted to access.

Be careful with empty values for any of these.

  • =Set ALLOWTOPICVIEW = =
    This means the same as not setting it at all. (This was documented wrong in versions 4.0.X, 4.1.0 and 4.1.1)

  • =Set DENYTOPICVIEW = =
    Since TWiki 4.0 this means do not deny anyone the right to view this topic. If DENYTOPICVIEW is set to an empty value anyone has access even if ALLOWTOPICVIEW or ALLOWWEBVIEW is defined. This allows to have very restrictive default access rights to an entire web and still allow individual topics to have more open access.

The same rules apply to ALLOWTOPICCHANGE/DENYTOPICCHANGE and APPLYTOPICRENAME/DENYTOPICRENAME. Setting ALLOWTOPICCHANGE or ALLOWTOPICRENAME to en empty value means the same as not defining it. Setting DENYTOPICCHANGE or DENYTOPICRENAME to an empty value means that anyone can edit or rename the topic.

ALERT! The setting to an empty has caused confusion and great debate and it has been decided that the empty setting syntax will be replaced by something which is easier to understand in the 4.2 version of TWiki. A method to upgrade will be provided. Please read the release notes carefully when you upgrade.

See "How TWiki evaluates ALLOW/DENY settings" below for more on how ALLOW and DENY interacts.

-- JosephTrexler - 29 Feb 2008

Change status to:
WebForm
SupportStatus AnsweredQuestions
Edit | Attach | Watch | Print version | History: r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r2 - 2008-02-29 - JosephTrexler
 
  • Learn about TWiki  
  • Download TWiki
This site is powered by the TWiki collaboration platform Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2026 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.