Proposed patch is
Index: MailerContrib/WebNotify.pm
===================================================================
--- MailerContrib/WebNotify.pm (revision 14231)
+++ MailerContrib/WebNotify.pm (working copy)
@@ -205,6 +205,19 @@
foreach my $name ( keys %{$this->{subscribers}} ) {
my $subscriber = $this->{subscribers}{$name};
+
+ my $allowed = TWiki::Func::checkAccessPermission(
+ 'VIEW',
+ $name,
+ undef,
+ $topic,
+ $this->{web}
+ );
+ unless( $allowed ){
+ # user not allowed to view this topic
+ next;
+ }
+
my $subs = $subscriber->isSubscribedTo( $topic, $db );
if ($subs && !$subscriber->isUnsubscribedFrom( $topic, $db )) {
my $emails = $subscriber->getEmailAddresses();
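Review bot: The added `TWiki::Func::checkAccessPermission( 'VIEW', $name, ... )` call passes the raw key from `$this->{subscribers}` as the user, so the result only means something when that key is a wikiname. As the comment below the patch points out, a subscriber entered as an email address is not caught by a DENY rule and still reaches `getEmailAddresses()`. Handle non-wikiname keys explicitly before this check, either by skipping them or by requiring them to pass a configured address filter. Two smaller points: the check runs for every subscriber before `isSubscribedTo` is consulted, so moving it inside the `if ($subs && ...)` branch would avoid permission lookups for people who are not subscribed to the topic, and the silent `next` leaves an admin no way to see why a notification was dropped.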
However there's a bad problem with this; if access to a topic is controlled using DENY, then all a footpad has to do is to use an email address instead of a wikiname to get notifications anyway.
We need to be able to disable use of emails in notifications as well. This is best done by matching emails against a "filter-in" regular expression; that would also help block illegal notifications outside the company, for example.
-- TWiki:Main/CrawfordCurrie - 22 Jun 2007
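A sketch of the "filter-in" check proposed in the comment above, added here as an illustration and not taken from MailerContrib or the patch. The names `$email_filter_in`, `is_email` and `email_allowed`, the `example.com` domain and the sample subscriber keys are all hypothetical. It only restricts which addresses may be mailed; it does not evaluate per-topic DENY rules.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical admin setting: only addresses matching this pattern may be
# notified. \A and \z anchor the whole string, so a trailing
# ".attacker.test" suffix or an embedded newline cannot satisfy the match.
my $email_filter_in =
  qr/\A[A-Za-z0-9._%+-]+\@(?:[A-Za-z0-9-]+\.)*example\.com\z/i;

# True if a subscriber key is an email address rather than a wikiname
# (assumption for this sketch: wikinames never contain '@').
sub is_email {
    my ($key) = @_;
    return $key =~ /\@/ ? 1 : 0;
}

# Decide whether a raw email subscriber may be notified. An undefined
# filter disables email subscribers entirely, so the check fails closed.
sub email_allowed {
    my ( $address, $filter ) = @_;
    return 0 unless defined $filter;
    return $address =~ $filter ? 1 : 0;
}

# Constructed sample subscriber keys, not real data.
my @subscribers = (
    'MainUser',                         # wikiname: use the access check
    'alice@example.com',                # inside the allowed domain
    'bob@mail.example.com',             # allowed subdomain
    'eve@example.com.attacker.test',    # suffix trick, must be rejected
    'mallory@elsewhere.test',           # outside the company
);

for my $name (@subscribers) {
    if ( !is_email($name) ) {
        print "$name: wikiname, apply the VIEW permission check\n";
        next;
    }
    my $verdict = email_allowed( $name, $email_filter_in ) ? 'notify' : 'skip';
    print "$name: $verdict\n";
}
```

An unanchored pattern such as `/example\.com/` would accept the `eve@example.com.attacker.test` key, which is why the filter is matched against the whole string.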
Accidentally credited last checkin to Item4248
CC