Tags:
create new tag
view all tags

Question

I have installed this plugin, and with

<Files "view">
       require valid-user
</Files>

all seems well. The revise/approve system works wonderfully.

What I want to know is if it is possible to have it so that a user can access other pages on the twiki intranet that are not controlled documents without being asked to log in.

In particular, if you go to the Main page - it asks you to log in. If you cancel so that you can register, you get the link but then the registration page requires a login to get to it!

If anyone can show me a way to get to other webs without being authenticated, I would appreciate it!

I have tried taking the view thing out of .htaccess, and then adding a group to the Set ALLOWEDWEBVIEW of the relevant web. This appears at first to work, it brings viewauth pages up rather than view, and the APPROVAL tags show up, but the process doesn't work. Send for approval link works, and is replaced by the drop down approve/reject list and button, but clicking the button never changes the state.

Ideally I would like to have it so that the windows username is passed and mapped to a Wiki name, but attempting to work out how to make the Fedora/Apache server I am using do authentication and LDAP stuff seems difficult to say the least!

I don't mind my users having a bit of pain, but enabling them to get to the registration page before demanding a login would be good...!

Environment

TWiki version: TWikiRelease02Sep2004
TWiki plugins: DefaultPlugin, ApprovalPlugin
Server OS: Fedora Core 4
Web server: Apache 2.0.54
Perl version: 5.8.6
Client OS: MS Windows XP, SP2
Web Browser: Opera 8, IE 6, FireFox 1
Categories: Htaccess, Registration, Authentication, Plugins

-- EdMcDonagh - 27 Jul 2005

Answer

ALERT! If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.

Start by using

<Files "viewauth">
       require valid-user
</Files>
<Files "view">
       allow from all
</Files>
and make use of Twikis own interal access control.

I have many webs with a DENYTOPIC or ALLOWTPIC in the WebPreferences to apply for the whole web.

OBTW: In order for users to change password you'll need:

<Files "passwd">
       allow from all
</Files>

Also: If you are running a late model Apache, see also http://svn.twiki.org:8181/svn/twiki/branches/DEVELOP/bin/.htaccess.txt which illustrated the use of the FilesMatch construct. Having everyhthing together like that makes it a little easier to visualise what's going on.

-- AntonAylward - 27 Jul 2005

Thanks Anton. This soooo nearly works! I don't know if you are familiar with the ApprovalPlugin, but with this setup the following happens:

  1. Approved state: Link to revise. Click, moves to...
  2. Revise state: Link to send for approval: Click, moves to...
  3. Awaiting approval state: Drop down box to either approve or send back to revise status. Click on the button, moves to...
  4. Awaiting approval state!

The only way I can get it to make the last step is to set "view" back to require valid-user, which brings me back to square one, and doesn't allow new users to register.

Re: apache, I assume by late you mean Apache 2? If so, then yes I am using a late model. However, unfortunately I cannot get to an 8181 port from work due to the firewall, so I shall have to wait till I get a chance at home to learn from that particular page!

-- EdMcDonagh - 28 Jul 2005

We are using a modified version of the ApprovalPlugin such that users on the intranet are able to view the pages without authentification, only externals user have to login first.

To achieve this effect, the ApprovalPlugin checks if the environment variable REMOTE_USER is set (which is done by Apache if the user is logged in). If yes, the normal transition button is displayed. If no, then instead of a transition button a link labled "Log in and change state" is shown which links to the viewauth version of the page, which in turn requires a login (as described by Anton above)

-- JChristophFuchs - 02 Aug 2005

Thanks for the tip. I think I am right in saying that the variable REMOTE_USER is only set if Apache is in some sort of authenticated mode, which I don't think mine is, and I am not sure how to set up.

However, I have now found a satisfactory solution: I have configured the authentication as described in ApplicationAuthenticationAddOn, and I now have a situation where if the user is not logged in, they can see all the non ISO parts of the intranet, and also the ISO pages, but with no ability to edit. When a user logs in, the ISO pages suddenly have the revise, send for approval and approve etc links on them, and they all work - not just the first two stages!

-- EdMcDonagh - 02 Aug 2005

Edit | Attach | Watch | Print version | History: r6 < r5 < r4 < r3 < r2 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r6 - 2005-08-02 - EdMcDonagh
 
  • Learn about TWiki  
  • Download TWiki
This site is powered by the TWiki collaboration platform Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.