• Do not register here on develop.twiki.org, login with your twiki.org account.
• Use
Item7848 for generic doc work for TWiki-6.1.1. Use Item7851 for doc work on extensions that are not part of a release. More... Close
• Anything you create or change in standard webs (Main, TWiki, Sandbox etc) will be automatically reverted on every SVN update.
• Does this site look broken?. Use the LitterTray web for test cases.
• Use
Item7848 for generic doc work for TWiki-6.1.1. Use Item7851 for doc work on extensions that are not part of a release. More... Close • Anything you create or change in standard webs (Main, TWiki, Sandbox etc) will be automatically reverted on every SVN update.
• Does this site look broken?. Use the LitterTray web for test cases.
Item3855: Blank ALLOWTOPICVIEW, ALLOWTOPICCHANGE, ALLOWTOPICRENAME values not honored
Item Form Data
| AppliesTo: | Component: | Priority: | CurrentState: | WaitingFor: | TargetRelease | ReleasedIn |
|---|---|---|---|---|---|---|
| Engine | Low | No Action Required | n/a |
Edit Form Data
Detail
After upgrading to the latest TWiki release, we were verifying several access control features for an internal project. Looking at TWiki:TWiki.TWikiAccessControl
, we saw that "setting - 07 Apr 2007
There was a big fight over this, which was resolved (against my better judgment) by changing the documentation to fit the (IMHO broken) code.
Because it was a security issue it was done on the quiet, so sorry, no bug numbers to refer you to. But you have identified the correct workaround.
CC
Clint a good advice is to always read the release note (TWikiReleaseNotes04x01.html in the twiki root and also a topic TWikiReleaseNotes04x01 in the TWiki web) when you install a new version of TWiki. It is very clearly stated there.
-- TWiki:Main.KennethLavrsen - 26 Apr 2007
, we saw that "setting ALLOWTOPIC to empty denies access to everyone except admins". However, this does not seem to be the case.
Here is a test case showing the issue.
For now we worked around this issue by inserting NobodyGroup in ALLOWTOPICVIEW/CHANGE/RENAME to achieve the desired results; I would hence suppose this issue is not very urgent.
But is this more of a bug in the engine (they are supposed to be honored) or that in the documentation (blank ALLOWTOPICs are not actually honored)? The documentation and actual results are pretty different.
-- TWiki:Main/ClintMarkGono - 07 Apr 2007
There was a big fight over this, which was resolved (against my better judgment) by changing the documentation to fit the (IMHO broken) code.
Because it was a security issue it was done on the quiet, so sorry, no bug numbers to refer you to. But you have identified the correct workaround.
CC
Clint a good advice is to always read the release note (TWikiReleaseNotes04x01.html in the twiki root and also a topic TWikiReleaseNotes04x01 in the TWiki web) when you install a new version of TWiki. It is very clearly stated there.
-- TWiki:Main.KennethLavrsen - 26 Apr 2007
| ItemTemplate | |
|---|---|
| Summary | Blank ALLOWTOPICVIEW, ALLOWTOPICCHANGE, ALLOWTOPICRENAME values not honored |
| ReportedBy |
TWiki:Main.ClintMarkGono
|
| Codebase | 4.1.2 |
| SVN Range | |
| AppliesTo | Engine |
| Component | |
| Priority | Low |
| CurrentState | No Action Required |
| WaitingFor | |
| Checkins | |
| TargetRelease | n/a |
| ReleasedIn | |
Topic revision: r3 - 2007-04-26 - KennethLavrsen
Site map
Bugs web
Create New Report
Index
Search
Detailed Items Query
Changes
100
Notifications
RSS Feed
Statistics
Preferences
Bugs 
Items by urgency
My Reports
Recently Closed
Extensions
By Status 
Waiting for Feedback
Confirmed
Being Worked On
Waiting for Release
No Action Required
Lima 
Fixes for Rel.Notes
Create Feature Request
Account 
Copyright © 2008-2020 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding TWiki? Send feedback