Hi
We are using 4.0.4 version of TWiki.
We are using hierchical webs.
For e.g.
ParentWeb Name: FunctionalWeb
Child Webs
- FinanceWeb
- MarketingWeb
In the Webpreference topic of "FunctionalWeb" the follwing attribute is set:
- ALLOWWEBCHANGE = FunctionGroup
(Group members = FuncUser1, FuncUser2)
In the Webpreference topic of "FinanceWeb" the follwing attribute is set:
- ALLOWWEBCHANGE = FinanceGroup
(Group members = FinUser1, FinUser2)
In the Webpreference topic of "MarketingWeb" the follwing attribute is set:
- ALLOWWEBCHANGE = MarketingGroup
(Group members = MarkUser1, MarkUser2)
The overall idea is that FinanceGroup user should not be able to edit MarketingWeb topics and MarketingGroup user should not be able to edit FinanceWeb.
But with his setup, a user say "FinUser1" is not even able to edit the FinanceWeb itself.
But when we set this property in Webpreference topic of "FunctionalWeb"
--> ALLOWWEBCHANGE = FunctionGroup, FinanceGroup
the user "FinUser1" is now able to edit the FinanceWeb itself. ****BUT ON THE FLIP SIDE, THIS USER IS ABLE TO EDIT THE MarketingWeb" ALSO.
If this is not a bug, please let me know how we can achieve this -->
The overall idea is that FinanceGroup user should not be able to edit MarketingWeb topics and MarketingGroup user should not be able to edit FinanceWeb.
thanks
-Nitin Agrawal
I use subwebs - subdirectories. E.g.
MyWeb.SubWeb1
I would like to create a subweb that is private -
MyWeb.PrivateSubWeb
.
(Why? Because TWiki ACLs are hard to set on a per-topic basis.)
Much to my surprise, it turns out that
MyWeb.PrivateSubWeb.WebPreferences
ACLs such as DENYWEBVIEW are ignored. Instead, the ACLs of the parent web is used:
MyWeb.WebPreferences
.
WORKAROUND: do not use
SubWebs to control access.
I tried to submit this as a bug in
http://develop.twiki.org/~develop/cgi-bin/view/Bugs/WebHome
,
but was not able to make this bug reporting interface work, as reported in text at the bottom of Support.WebHome
--
TWiki:Main.AndyGlew
- 24 Jul 2006
Added a unit test to
AccessControlTests, raised priority to Requirement
CC
I added a testcase thinking there was a bug here, but on reviewing the testcase I see I got it worng, and that in fact it works perfectly. The web preferences for the subweb is used to control access to that web. If you don't believe me, check the testcase (
test/unit/AccessControlTests
, test
test_hierarchical_subweb_controls_Item2815
I think the probability is high that you have Set FINALPREFERENCES = ALLOWWEBVIEW in the upper web, which will cause permissions settings in lower level webs to be ignored.
Discarded.
CC