Your TWiki site may depend on a web user authentication mechanism provided by your environment, and your users are well accustomed to the user IDs of that environment.
You may have an LDAP server or Active Directory that defines groups, and your TWiki site may be connected to that directory server using LdapNgPlugin.
This topic discusses how to have such custom notations and use them for access control and change notification setting.
Here's the basic assumption of this topic.
To make the discussion concrete, let's assume the following custom notations.
TWiki gets an authenticated user ID in $ENV{REMOTE_USER} from a mechanism provided by the environment.
A user can be represented as USER:user-id in addition to a wikiname.
USER:user-id in a topic becomes a hyperlink to the directory look-up page of the user.
Groups are defined in LDAP and they are represented as LDAPGROUP:group-name.
There is no wikiname corresponding to those groups.
LDAPGROUP:group-name in a topic becomes a hyperlink to the directory look-up page of the group.
LDAP groups may be used in parallel with groups defined by TWiki topics.
For access control, the notations are used as follows.
* Set ALLOWWEBVIEW = LDAPGROUP:team-foo, USER:bar
For change notification (in WebNotify topics), the notations are used as follows.
* 'LDAPGROUP:team-foo'
* 'USER:bar'
This is inconvenient because you need to quote the notations for change notification but not for access control. However, you can configure change notification so that the quotes are not needed.
To make use of the notations mentioned above for access control and change notification setting, you need to have the following.
$TWiki::cfg{UserMappingManager}
accordingly.
If you simply use the authenticated user IDs provided by the environment, map them to wikinames and wikinames back to user IDs, provide no custom notations, and stick to groups defined by TWiki topics, then you don't have to do a lot with your custom mapping manager. Creating a subclass of TWikiUserMapping and implementing the following methods is enough.
handlesUser()
login2cUID()
getLoginName()
getWikiName()
findUserByEmail()
getEmails()
findUserByWikiName()
You don't have to have a plug-in for user wikinames, but it's nice to have one. Under the assumption above, user registration in TWiki is not needed, so many users leave their user topics (Main.FirstLast) uncreated. Consequently, quite a few users' wikinames remain broken links.
If user wikinames are converted into links to entries on the directory look-up web site, you don't see such broken links. It's even better if the wikiname of a non-existent user is rendered like a broken link.
Since TWiki depends on user accounts provided by the environment, TWiki doesn't and cannot deal with user passwords. As such, $TWiki::cfg{PasswordManager} is set to 'none'.
In addition to the above, the following has to be done to make a user mapping manager full-fledged and support the notations mentioned above.
| | Recognized as a login name | Recognized as a wikiname |
|---|---|---|
| USER:user-id | must be | must be |
| LDAPGROUP:group-name | must not be | must be |
Needs to return a proper cUID when USER:user-id is given.
When LDAPGROUP:group-name is handed, the method needs to return the list whose only element is the one handed. Otherwise, expand the group.
In addition to groups defined by TWiki topics, LDAPGROUP:group-name needs to yield true.
In addition to groups defined by TWiki topics, LDAPGROUP:group-name needs to be taken care of.
When LDAPGROUP:group-name is handed, the method needs to return the email address corresponding to the LDAP group.
When USER:user-id is handed, the method needs to return the corresponding cUID.
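The recognition table and the LDAP group rules above, shown as an added standalone Perl example; it is not TWiki code or the code of any mapping manager. The sub names, the identifier character set, the comma/whitespace splitting and the %LDAP_MEMBERS sample directory are assumptions of this example.

```perl
#!/usr/bin/perl
# Added example, not TWiki code. All sub names here are hypothetical.
use strict;
use warnings;

# Constructed sample data standing in for the LDAP directory.
my %LDAP_MEMBERS = ( 'team-foo' => [ 'alice', 'carol' ] );

# Assumed identifier character set. \A and \z anchor the whole string, so
# a value with a trailing newline or extra text is not accepted.
my $ID       = qr/[A-Za-z0-9][A-Za-z0-9._-]*/;
my $USER_RE  = qr/\AUSER:($ID)\z/;
my $GROUP_RE = qr/\ALDAPGROUP:($ID)\z/;

# Recognition table: USER: is a login name and a wikiname,
# LDAPGROUP: is a wikiname but never a login name.
sub is_login_name { return $_[0] =~ $USER_RE ? 1 : 0 }
sub is_wikiname { return ( $_[0] =~ $USER_RE || $_[0] =~ $GROUP_RE ) ? 1 : 0 }
sub is_group { return $_[0] =~ $GROUP_RE ? 1 : 0 }

# Group rule from the page: an LDAP group comes back as a one-element
# list holding the notation itself; it is not expanded here.
sub group_members { return is_group( $_[0] ) ? ( $_[0] ) : () }

# Does an access control value cover this REMOTE_USER? Splitting on commas
# and whitespace is this example's choice. Unrecognized entries grant nothing.
sub acl_permits {
    my ( $remote_user, $value ) = @_;
    for my $entry ( grep { length } split /[\s,]+/, $value ) {
        if ( $entry =~ $USER_RE ) {
            return 1 if $1 eq $remote_user;
        }
        elsif ( $entry =~ $GROUP_RE ) {
            my $members = $LDAP_MEMBERS{$1} || [];
            return 1 if grep { $_ eq $remote_user } @$members;
        }
    }
    return 0;
}

my $acl = 'LDAPGROUP:team-foo, USER:bar';    # value used on the page
for my $who (qw(alice bar dave)) {
    printf "%-8s %s\n", $who, acl_permits( $who, $acl ) ? 'permitted' : 'denied';
}
for my $n ( 'USER:bar', 'LDAPGROUP:team-foo', "USER:bar\n" ) {
    ( my $shown = $n ) =~ s/\n/\\n/;
    printf "%-20s login=%d wikiname=%d members=[%s]\n", $shown,
      is_login_name($n), is_wikiname($n), join( ',', group_members($n) );
}
```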
Related Topics: AdminDocumentationCategory, TWikiAccessControl, MailerContrib
Copyright © 1999-2025 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Note: Please contribute updates to this topic on TWiki.org at TWiki:TWiki.CustomUserGroupNotations.