Authorization is the process of determining which resources may be accessed by a particular user. It occurs after authentication has determined the identity of the user. TiddlyWiki's WebServer implements a simple authorization scheme which permits independent control of who has administrator access to the server, and read and write access to a wiki.
The WebServer parameters admin, readers and writers each contain a comma separated list of principals (which is to say, either usernames or certain special tokens) which should have read or write access respectively.
The available special tokens are:
- (anon) - indicates all anonymous users
- (authenticated) - indicates all authenticated users
At this time, no server functions are restricted to admin authorized users in the unmodified Tiddlywiki server. Third party plugins can leverage this to restrict routes or commands to a subset of authorized users.
Read-only mode is engaged when the current user is not authorized to write to the current wiki.
User interface features concerned with creating or editing content are disabled in read-only mode:
- clone, delete, new-here and new-journal-here tiddler toolbar buttons
- import, manager, new-tiddler new-image and new-journal page control buttons
The tiddler $:/status/IsReadOnly is set to
yes when read-only mode is engaged.
These example use the credentials parameter to specify the location of a file containing usernames and passwords.
In the first example, read access is permitted for the users "joe" and "mary", with write access restricted to "mary":
tiddlywiki mywikifolder --listen credentials=myusers.csv readers=joe,mary writers=mary
In the following example, read access is granted to all authenticated users, but only "mary" is granted write access:
tiddlywiki mywikifolder --listen credentials=myusers.csv "readers=(authenticated)" writers=mary
In the following example, read and write access is granted to all authenticated users, but only "mary" is granted admin access:
tiddlywiki mywikifolder --listen credentials=myusers.csv "readers=(authenticated)" "writers=(authenticated)" admin=mary