<input type="hidden" name="action" value="form" />
in my form (also with templatetopic
parameter) and I expect to edit the form only but bring in my topic template content in background.
If I doesn't include " * Set ALLOWTOPICVIEW %WIKIUSERNAME%" in the topic template, basically I can get into the form edit. (there is another problem reported in Item5547
If I include " * Set ALLOWTOPICVIEW %WIKIUSERNAME%" in the topic template, I will receive a "no 'view' privilege" message that I think it is wrong in 4.2! If I apply the same test in 4.1.2. It doesn't give me a message but only a strange page like below!
BTW, administrator can get into the form edit page normally without any privilege error or strange blank page.
- 02 May 2008
I don't understand the report, and I suspect no-one else will be able to either. The image is too blurry to make anything out, and "* Set ALLOWTOPICVUEW %WIKIUSERNAME%" doesn't mean anything to TWiki, so I don't understand the relevance.
Please try to build a testcase in the LitterTray
web of this site to demonstrate the problem.
- 10 May 2008
Sorry that I didn't make my question clearly.....I will try again!
Because I am not the admin of LitterTray, I can't make my test case in LitterTray exactly the same as in my TWiki installation. But maybe you can try it.
Please look at TestTopicWithActionParam
first. The button in it will create a new topic (ex: TestTopicWithActionParamByMagicYang
) base on template topic 'EvaluationTemplate' and a form template 'MyForm'. I want to edit the new topic in form only but bring in my topic template content (ACL setting) in background
Currently there are 2 lines in EvaluationTemplate (Set ALLOWTOPICCHANGE = %WIKIUSERNAME% && Set VIEW_TEMPLATE=...) and they are not bring in into new topic (This problem is reported in Item5547)! But when I add ( * Set ALLOWTOPICVIEW = %WIKIUSERNAME%) into EvaluationTemplate, there is another problem!
The problem occurs only when the user (who press the button) is not an administrator
- In 4.1.2, a strange blank page (only banner icon and footer action bar are shown) appear!
- In 4.2, system tell me that I don't have 'view' privilege to see the new created topic!
It's wired and I think I (who press the button) should be the only one who can view and change the new created topic! Am I wrong?
Hope that you can understand what I want to do and you can re-produce it in your TWiki installation!!
- 11 May 2008
I see that you reported two bugs in Item5547
. One was fixed and you refer to what appeared to you to be another above. Please don't do that; for tracking, we need each report to relate to only one bug.
Anyway, it's not a bug. You put the access control into an HTML comment in the template, which gets stripped out when the template is instantiated. I believe you can escape such a comment using %NOP% in the template e.g.
<%NOP%!-- comment --&t
This is actually the same thing that is causing your issue with the access controls, i suspect. If you
* Set ALLOWTOPICVIEW = %WIKIUSERNAME%
in the template topic you are restricting view access to that topic to a non-user called %WIKIUSERNAME%. VIEW access is required to instantiate a template topic, so you get an access violation when you try to create a new topic based on that template.
The solution is to use %NOP% in the template topic to "defuse" the * Set statement. For example:
*%NOP% Set ALLOWTOPICVIEW = %WIKIUSERNAME%
I modified your example in the litterTray web to demonstrate this.
- 12 May 2008
Thanks for your remind and explanation. I add the code into my template and it works. But I think it is still a bug in 4.1.2 because it doesn't show proper access control message but a blank page instead.
- 13 May 2008
Understood, and I agree, it's a bug in 4.1.2. Unfortunately nobody releases patches to older releases (except in the case of severe security bugs).
- 13 May 2008