This page is part of a static HTML representation of the TiddlyWiki at https://tiddlywiki.com/

WebServer Authorization

22nd November 2021 at 12:41am

Authorization is the process of determining which resources may be accessed by a particular user. It occurs after authentication has determined the identity of the user. TiddlyWiki's WebServer implements a simple authorization scheme which permits independent control of who has administrator access to the server, and read and write access to a wiki.

The WebServer parameters admin, readers and writers each contain a comma separated list of principals (which is to say, either usernames or certain special tokens) which should have read or write access respectively.

The available special tokens are:

  • (anon) - indicates all anonymous users
  • (authenticated) - indicates all authenticated users

Admin Functions

The (anon) token is not valid for the admin parameter.

At this time, no server functions are restricted to admin authorized users in the unmodified Tiddlywiki server. Third party plugins can leverage this to restrict routes or commands to a subset of authorized users.

Read-only Mode

Read-only mode is engaged when the current user is not authorized to write to the current wiki.

User interface features concerned with creating or editing content are disabled in read-only mode:

  • clone, delete, new-here and new-journal-here tiddler toolbar buttons
  • import, manager, new-tiddler new-image and new-journal page control buttons

The tiddler $:/status/IsReadOnly is set to yes when read-only mode is engaged.

Examples

These example use the credentials parameter to specify the location of a file containing usernames and passwords.

In the first example, read access is permitted for the users "joe" and "mary", with write access restricted to "mary":

tiddlywiki mywikifolder --listen credentials=myusers.csv readers=joe,mary writers=mary

In the following example, read access is granted to all authenticated users, but only "mary" is granted write access:

tiddlywiki mywikifolder --listen credentials=myusers.csv "readers=(authenticated)" writers=mary

In the following example, read and write access is granted to all authenticated users, but only "mary" is granted admin access:

tiddlywiki mywikifolder --listen credentials=myusers.csv "readers=(authenticated)" "writers=(authenticated)" admin=mary