This page is part of a static HTML representation of the TiddlyWiki at https://tiddlywiki.com/

WebServer Authorization

22nd November 2021 at 12:41am

Authorization is the process of determining which resources may be accessed by a particular user. It occurs after authentication has determined the identity of the user. TiddlyWiki's WebServer implements a simple authorization scheme which permits independent control of who has administrator access to the server, and read and write access to a wiki.

The WebServer parameters admin, readers and writers each contain a comma separated list of principals (which is to say, either usernames or certain special tokens) which should have read or write access respectively.

The available special tokens are:

  • (anon) - indicates all anonymous users
  • (authenticated) - indicates all authenticated users

Admin Functions

<<.tipThe (anon) token is not valid for the admin parameter.>>

At this time, no server functions are restricted to admin authorized users in the unmodified Tiddlywiki server. Third party plugins can leverage this to restrict routes or commands to a subset of authorized users.

Read-only Mode

Read-only mode is engaged when the current user is not authorized to write to the current wiki.

User interface features concerned with creating or editing content are disabled in read-only mode:

  • clone, delete, new-here and new-journal-here tiddler toolbar buttons
  • import, manager, new-tiddler new-image and new-journal page control buttons

The tiddler $:/status/IsReadOnly is set to yes when read-only mode is engaged.

Examples

These example use the credentials parameter to specify the location of a file containing usernames and passwords.

In the first example, read access is permitted for the users "joe" and "mary", with write access restricted to "mary":

tiddlywiki mywikifolder --listen credentials=myusers.csv readers=joe,mary writers=mary

In the following example, read access is granted to all authenticated users, but only "mary" is granted write access:

tiddlywiki mywikifolder --listen credentials=myusers.csv "readers=(authenticated)" writers=mary

In the following example, read and write access is granted to all authenticated users, but only "mary" is granted admin access:

tiddlywiki mywikifolder --listen credentials=myusers.csv "readers=(authenticated)" "writers=(authenticated)" admin=mary