• Do not register here on develop.twiki.org, login with your twiki.org account.
• Use View topic Item7848 for generic doc work for TWiki-6.1.1. Use View topic Item7851 for doc work on extensions that are not part of a release. More... Close
• Anything you create or change in standard webs (Main, TWiki, Sandbox etc) will be automatically reverted on every SVN update.
Does this site look broken?. Use the LitterTray web for test cases.

Item4284: Support topic permissions checking

Item Form Data

AppliesTo: Component: Priority: CurrentState: WaitingFor: TargetRelease ReleasedIn
Extension MailerContrib Normal Closed   minor  

Edit Form Data

Reported By:
Applies To:
Current State:
Waiting For:
Target Release:
Released In:


Proposed patch is
Index: MailerContrib/WebNotify.pm
--- MailerContrib/WebNotify.pm  (revision 14231)
+++ MailerContrib/WebNotify.pm  (working copy)
@@ -205,6 +205,19 @@

     foreach my $name ( keys %{$this->{subscribers}} ) {
         my $subscriber = $this->{subscribers}{$name};
+        my $allowed = TWiki::Func::checkAccessPermission(
+           'VIEW',
+           $name,
+           undef,
+           $topic,
+           $this->{web}
+        );
+        unless( $allowed ){
+           # user not allowed to view this topic
+           next;
+        }
         my $subs = $subscriber->isSubscribedTo( $topic, $db );
         if ($subs && !$subscriber->isUnsubscribedFrom( $topic, $db )) {
             my $emails = $subscriber->getEmailAddresses();
However there's a bad problem with this; if access to a topic is controlled using DENY, then all a footpad has to do is to use an email address instead of a wikiname to get notifications anyway.

We need to be able to disable use of emails in notifications as well. This is best done by matching emails against a "filter-in" regular expression; that would also help block illegal notifications outside the company, for example.

-- TWiki:Main/CrawfordCurrie - 22 Jun 2007

Accidentally credited last checkin to Item4248


Summary Support topic permissions checking
ReportedBy TWiki:Main.CrawfordCurrie

SVN Range TWiki-4.1.2, Thu, 21 Jun 2007, build 14235
AppliesTo Extension
Component MailerContrib
Priority Normal
CurrentState Closed

Checkins TWikirev:14249
TargetRelease minor

Edit | Attach | Watch | Print version | History: r6 < r5 < r4 < r3 < r2 | Backlinks | Raw View |  Raw edit | More topic actions
Topic revision: r6 - 2008-01-22 - KennethLavrsen
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2023 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback