Authorization is the process of determining which resources may be accessed by a particular user. It occurs after authentication has determined the identity of the user. TiddlyWiki's WebServer implements a simple authorization scheme which permits independent control of who has administrator access to the server, and read and write access to a wiki.
The WebServer parameters admin, readers and writers each contain a comma separated list of principals (which is to say, either usernames or certain special tokens) which should have admin, read or write access respectively.
The available special tokens are:
(anon) - the anonymous (unauthenticated) user
(authenticated) - any user who has successfully authenticated
At this time, no server functions are restricted to admin authorized users in the unmodified TiddlyWiki server. Third party plugins can use the admin list to restrict routes or commands to a subset of authorized users.
Read-only mode is engaged when the current user is not authorized to write to the current wiki.
User interface features concerned with creating or editing content are disabled in read-only mode.
The tiddler $:/status/IsReadOnly is set to yes when read-only mode is engaged.
These examples use the credentials parameter to specify the location of a file containing usernames and passwords.
In the first example, read access is permitted for the users "joe" and "mary", with write access restricted to "mary":
tiddlywiki mywikifolder --listen credentials=myusers.csv readers=joe,mary writers=mary
In the following example, read access is granted to all authenticated users, but only "mary" is granted write access:
tiddlywiki mywikifolder --listen credentials=myusers.csv "readers=(authenticated)" writers=mary
In the following example, read and write access is granted to all authenticated users, but only "mary" is granted admin access:
tiddlywiki mywikifolder --listen credentials=myusers.csv "readers=(authenticated)" "writers=(authenticated)" admin=mary
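The following is an added example, not TiddlyWiki's own server code. It models the principal matching described above and evaluates the three example command lines: it parses the key=value parameters after --listen, builds the admin, readers and writers principal lists, applies the (anon) and (authenticated) tokens, and derives the value of $:/status/IsReadOnly for a given user. Assumptions (not stated on this page): (anon) in a list grants access to every request, authenticated or not, as the WebServer's own check does; when readers or writers is omitted the fallback is (anon) without a credentials file and (authenticated) with one; admin has no default, so nobody is admin unless listed. Function names and the argv arrays are constructed for the example.

```javascript
// Added example modelling TiddlyWiki WebServer authorization; not project code.

// Collect key=value parameters that follow --listen. Shell quoting such as
// "readers=(authenticated)" is removed by the shell before argv is built,
// so bare key=value tokens are what the process actually receives.
function parseListenParams(argv) {
  const params = {};
  const start = argv.indexOf("--listen");
  if (start === -1) return params;
  for (const token of argv.slice(start + 1)) {
    if (token.startsWith("--")) break; // a following command, not a parameter
    const eq = token.indexOf("=");
    if (eq === -1) continue;
    params[token.slice(0, eq)] = token.slice(eq + 1);
  }
  return params;
}

// Split a comma separated principal list, trimming and dropping empty entries.
function parsePrincipals(value) {
  return (value || "").split(",").map((s) => s.trim()).filter(Boolean);
}

// Build the three principal lists. Fallbacks are assumptions for this example:
// readers/writers default to (anon) with no credentials file and to
// (authenticated) when one is configured; admin defaults to nobody.
function buildAuthorization(params) {
  const fallback = params.credentials ? "(authenticated)" : "(anon)";
  return {
    admin: parsePrincipals(params.admin),
    readers: parsePrincipals(params.readers || fallback),
    writers: parsePrincipals(params.writers || fallback),
  };
}

// Core check. username === null means the request was not authenticated.
// (anon) grants everyone, including authenticated users; (authenticated)
// grants any logged-in user; otherwise the username itself must be listed.
function isAuthorized(principals, username) {
  if (principals.includes("(anon)")) return true;
  if (username === null) return false;
  return principals.includes("(authenticated)") || principals.includes(username);
}

// What the wiki exposes to a user. $:/status/IsReadOnly is "yes" exactly
// when the user is not authorized to write, which disables editing UI.
function accessFor(auth, username) {
  const canRead = isAuthorized(auth.readers, username);
  const canWrite = isAuthorized(auth.writers, username);
  return {
    canRead,
    canWrite,
    isAdmin: isAuthorized(auth.admin, username),
    isReadOnly: canWrite ? "no" : "yes",
  };
}

// Constructed argv for the page's first example command.
const EXAMPLE_ARGV = [
  "tiddlywiki", "mywikifolder", "--listen",
  "credentials=myusers.csv", "readers=joe,mary", "writers=mary",
];

if (typeof require !== "undefined" && require.main === module) {
  const auth = buildAuthorization(parseListenParams(EXAMPLE_ARGV));
  for (const user of [null, "joe", "mary", "bob"]) {
    console.log(user === null ? "(anon)" : user, accessFor(auth, user));
  }
}
```

Two practical points fall out of running it. A username listed in readers or writers grants nothing unless that user can actually authenticate against the credentials file, so an unlisted but authenticated user such as "bob" is refused entirely in the first example while an anonymous request is refused in all three. And because parentheses are shell metacharacters, "readers=(authenticated)" must stay quoted on the command line; an unquoted token will be mangled or rejected by the shell before it reaches TiddlyWiki.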