• Do not register here on develop.twiki.org, login with your twiki.org account.
• Use View topic Item7848 for generic doc work for TWiki-6.1.1. Use View topic Item7851 for doc work on extensions that are not part of a release. More... Close
• Anything you create or change in standard webs (Main, TWiki, Sandbox etc) will be automatically reverted on every SVN update.
Does this site look broken?. Use the LitterTray web for test cases.

Item7581: Forbid certain users to run certain TWiki scripts by configuration

Item Form Data

AppliesTo: Component: Priority: CurrentState: WaitingFor: TargetRelease ReleasedIn
Engine   Enhancement Closed TWiki:Main/HideyoImazu patch 6.0.2

Edit Form Data

Summary:
Reported By:
Codebase:
Applies To:
Component:
Priority:
Current State:
Waiting For:
Target Release:
Released In:
 

Detail

This is for TWiki:Codev/ForbidUserAction.

-- TWiki:Main/HideyoImazu - 2014-10-17

Bad news: This breaks configure in all revisions after 28283, and up to 28661.

How to reproduce:

  1. Invoke configure
  2. Enter configuration password
  3. Claim that "Yes, I've read all the documentation"
  4. Open the "Security" section
  5. You see {ForbidUserAction}δ = HASH(0x1ecf450) - or similar. dead!
  6. Don't change anything, just hit "Next"
  7. Go back to TWiki's homepage.
    • Can't use string ("HASH(0x1ecf450)") as a HASH ref while "strict refs" in use at /media/haj/linuxdevel/twiki/trunk/core/lib/TWiki/LoginManager.pm line 408.

The reason: ForbidUserAction is declared as a string in TWiki.spec, but the default value of ForbidUserAction is the empty hash {}. During the round trip through configure (even if you don't change anything!) it will come back as '{}'. After that, there is no chance to read TWiki pages. This can't be fixed in configure, you need to manually edit LocalSite.cfg and delete the configuration.

Unfortunately, I don't know of an easy way to declare configuration variables as hashes in TWiki.spec where you can't enumerate the keys, so I have no idea how to fix this.

I didn't open a new bug item since this code has not yet been released - sorry if this isn't the correct procedure.

-- TWiki:Main.HaraldJoerg - 2015-01-12

Harald, thank you for pointing it out. Now it's fixed.

-- TWiki:Main.HideyoImazu - 2015-01-26

ItemTemplate
Summary Forbid certain users to run certain TWiki scripts by configuration
ReportedBy TWiki:Main.HideyoImazu
Codebase ~twiki4, 6.0.1
SVN Range TWiki-6.0.1-trunk, Mon, 29 Sep 2014, build 28107
AppliesTo Engine
Component

Priority Enhancement
CurrentState Closed
WaitingFor TWiki:Main/HideyoImazu
Checkins TWikirev:28278 TWikirev:28279 TWikirev:28282 TWikirev:28283 TWikirev:28690 TWikirev:28691 TWikirev:28742 TWikirev:28743
TargetRelease patch
ReleasedIn 6.0.2
Edit | Attach | Watch | Print version | History: r19 < r18 < r17 < r16 < r15 | Backlinks | Raw View |  Raw edit | More topic actions
Topic revision: r19 - 2016-01-22 - PeterThoeny
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback