• Do not register here on develop.twiki.org, login with your twiki.org account.
• Use View topic Item7700 for generic doc work for TWiki-6.0.2. Use View topic Item7703 for doc work on extensions that are not part of a release. More... Close
• Anything you create or change in standard webs (Main, TWiki, Sandbox etc) will be automatically reverted on every SVN update.
Does this site look broken?. Use the LitterTray web for test cases.

Item4402: Access check based on getWikiUserName (fails) vs. getWikiName (succeeds)

Item Form Data

AppliesTo: Component: Priority: CurrentState: WaitingFor: TargetRelease ReleasedIn
Extension CommentPlugin Urgent Closed   minor 4.2.0

Edit Form Data

Summary:
Reported By:
Codebase:
Applies To:
Component:
Priority:
Current State:
Waiting For:
Target Release:
Released In:
 

Detail

I'm a TWiki newbie, but the following seems like a bug, either in CommentPlugin, or in some core functions called by CommentPlugin.

I installed 4.1.2 a few weeks ago. And I have overridden TWikiUserMapping.pm with my own version, so it's quite possible that has aggravated things. Yet the core edit/save/group/user stuff seems to work for me.

The overall problem is I can edit a page normally, but cannot add a comment to it. I'm denied access for comments, even though I'm in the TWikiAdminGroup.

In Comment.pm, in save(), the wikiUserName is obtained:

my $wikiUserName = TWiki::Func::getWikiUserName();

and then fed to TWiki::Func::checkAccessPermission() to check permissions.

But getWikiUserName() returns 'Main.bobg' as opposed to my login or wikiName 'bobg', and the presence of 'Main.' messes up the authorization check.

Should Comment.pm use: my $wikiUserName = TWiki::Func::getWikiName();

(That does fix the problem.) Or should checkAccessPermission() be smart enough to ignore the 'Main.' prefix ? In which case, this bug should be fixed elsewhere.

-- TWiki:Main/BobGoldstein - 20 Jul 2007

A bit of both, probably. Either way, this needs to be fixed for 4.2 with the new user mappers, so raising to Urgent.

CC

Done, thanks Bob!

CC

ItemTemplate
Summary Access check based on getWikiUserName (fails) vs. getWikiName (succeeds)
ReportedBy TWiki:Main.BobGoldstein
Codebase 4.1.2
SVN Range TWiki-4.1.2, Thu, 19 Jul 2007, build 14438
AppliesTo Extension
Component CommentPlugin
Priority Urgent
CurrentState Closed
WaitingFor

Checkins TWikirev:14736
TargetRelease minor
ReleasedIn 4.2.0
Edit | Attach | Watch | Print version | History: r8 < r7 < r6 < r5 < r4 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r8 - 2008-01-22 - KennethLavrsen
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2017 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback