• Do not register here on develop.twiki.org, login with your twiki.org account.
• Use View topic Item7848 for generic doc work for TWiki-6.1.1. Use View topic Item7851 for doc work on extensions that are not part of a release. More... Close
• Anything you create or change in standard webs (Main, TWiki, Sandbox etc) will be automatically reverted on every SVN update.
Does this site look broken?. Use the LitterTray web for test cases.

Hi

We are using 4.0.4 version of TWiki.

We are using hierchical webs.

For e.g.

ParentWeb Name: FunctionalWeb

Child Webs - FinanceWeb - MarketingWeb

In the Webpreference topic of "FunctionalWeb" the follwing attribute is set: - ALLOWWEBCHANGE = FunctionGroup (Group members = FuncUser1, FuncUser2)

In the Webpreference topic of "FinanceWeb" the follwing attribute is set: - ALLOWWEBCHANGE = FinanceGroup (Group members = FinUser1, FinUser2)

In the Webpreference topic of "MarketingWeb" the follwing attribute is set: - ALLOWWEBCHANGE = MarketingGroup (Group members = MarkUser1, MarkUser2)

The overall idea is that FinanceGroup user should not be able to edit MarketingWeb topics and MarketingGroup user should not be able to edit FinanceWeb.

But with his setup, a user say "FinUser1" is not even able to edit the FinanceWeb itself.

But when we set this property in Webpreference topic of "FunctionalWeb" --> ALLOWWEBCHANGE = FunctionGroup, FinanceGroup

the user "FinUser1" is now able to edit the FinanceWeb itself. ****BUT ON THE FLIP SIDE, THIS USER IS ABLE TO EDIT THE MarketingWeb" ALSO.

If this is not a bug, please let me know how we can achieve this -->

The overall idea is that FinanceGroup user should not be able to edit MarketingWeb topics and MarketingGroup user should not be able to edit FinanceWeb.

thanks -Nitin Agrawal


I use subwebs - subdirectories. E.g. MyWeb.SubWeb1

I would like to create a subweb that is private - MyWeb.PrivateSubWeb.

(Why? Because TWiki ACLs are hard to set on a per-topic basis.)

Much to my surprise, it turns out that MyWeb.PrivateSubWeb.WebPreferences ACLs such as DENYWEBVIEW are ignored. Instead, the ACLs of the parent web is used: MyWeb.WebPreferences.

WORKAROUND: do not use SubWebs to control access.

I tried to submit this as a bug in http://develop.twiki.org/~develop/cgi-bin/view/Bugs/WebHome, but was not able to make this bug reporting interface work, as reported in text at the bottom of Support.WebHome

-- TWiki:Main.AndyGlew - 24 Jul 2006

Added a unit test to AccessControlTests, raised priority to Requirement CC

I added a testcase thinking there was a bug here, but on reviewing the testcase I see I got it worng, and that in fact it works perfectly. The web preferences for the subweb is used to control access to that web. If you don't believe me, check the testcase ( test/unit/AccessControlTests, test test_hierarchical_subweb_controls_Item2815

I think the probability is high that you have Set FINALPREFERENCES = ALLOWWEBVIEW in the upper web, which will cause permissions settings in lower level webs to be ignored.

Discarded.

CC

ItemTemplate
Summary In hierchical webs, child webs cannot be edited (ALLOWWEBCHANGE ) by a user unless that user has permissions on parent attribute of ALLOWWEBCHANGE
ReportedBy TWiki:Main.NitinAgrawal
Codebase 4.0.4
SVN Range TWiki-4.1-beta1, Mon, 21 Aug 2006, build 11354
AppliesTo Engine
Component

Priority Urgent
CurrentState No Action Required
WaitingFor

Checkins 11446 11696
TargetRelease n/a
Edit | Attach | Watch | Print version | History: r7 < r6 < r5 < r4 < r3 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r7 - 2006-10-11 - SteffenPoulsen
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2019 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback