I've encountered a problem with the permission setting for renaming webs. Under the ManagingWebs
topic in the standard TWiki web, there is the following statement:
"You may only rename a web if you have permissions to rename all the topics within that web, including any topics in that web's subwebs. You will also need permissions to update any topics containing references to that web."
So I attempted to limit web rename rights to the TWikiAdminGroup by creating a new web and setting ALLOWWEBRENAME to TWikiAdminGroup. Nevertheless, as a non-admin user, I was then able to rename the new web both by changing it from a root-level web to a sub-web of another root-level web, and by simply changing the web name at the root level.
In the process, TWiki did present me with the following warning:
There are problems with renaming this web:
1. You are denied access to the following topics in the web: Test2/WebAtom Test2/WebChanges Test2/WebCreateNewTopic Test2/WebHome Test2/WebIndex Test2/WebLeftBar Test2/WebNotify Test2/WebPreferences Test2/WebRss Test2/WebSearch Test2/WebSearchAdvanced Test2/WebStatistics Test2/WebTopicList
2. The following topics are locked for edit, and cannot be moved: (none)
3. The following topics refer to topics in this web, but you are denied access to them: (none)
4. The following topics refer to topics in this web, but are being edited: (none)
Continue and try to rename web?
But I could still click "Continue and try to rename web?" and then go through with renaming it as described above. Before posting this bug report, I verified the following:
- I was in fact logged in as a non-admin user by looking at the log files from the shell.
- ALLOWROOTCHANGE is set to TWikiAdminGroup.
- Authentication being used is Template Login.
- 05 May 2008
- documentation issue: "ALLOWWEBRENAME" in fact grants permissions to rename topics in a web.
- How to protect webs from getting renamed? This bug item should probably be split up (documentation update could be released with 4.2.1, access tests and code changes (if needed) will likely take more time...)
- 12 May 2008
Judging from a quick read of the web renaming code, there is currently no way to prevent a web from being renamed. IMHO it should follow the same rules as topics, so should follow the constraints of the container. In the case of a subweb, that means respecting the setting of ALLOWWEBRENAME on the parent web (which is defined as controlling the renaming of "things" in that web) and ALLOWROOTRENAME for root webs. I believe this is a trivial fix, which should be implemented for 4.2.1.
BTW for history's sake, the interpretation of ALLOWWEBRENAME as controlling contained topics (the contents of the container) is something that has existed since the early days of TWiki i.e. well before 4.0 came on the scene, so changing the interpretation is probably a bad idea at this stage. The application of it to subwebs was merged from MegaTWiki. ALLOWCONTENTRENAME (and matching ALLOWCONTENTVIEW and ALLOWCONTENTCHANGE) might have been a better choice, but by the time subwebs were invented it was already too late.
- 13 May 2008
- 04 Jun 2008
For the short term, I simply edited the oops message so that it doesn't give the user the option of "Continue and rename anyway?", but instead offers them a link to "Return to WebHome." Is there any other way users could get around this without knowing all of the URL parameters needed to execute the confirm rename?
- 05 Jun 2008
Crawford, are you following up on what you call a trivial fix so we can close this security issue in 4.2.1?
- 18 Jun 2008
I have started working on this one and progressing well.
- 01 Jul 2008
I have fixed this. It was a little more than trivial - at least for me.
But I think we have a reasonably safe renaming of webs now.
I have added this documentation to ManagingWebs:
You may only rename a web if you have the following permissions
- You must be allowed to rename and change topics in the web you want to rename
- You must be allowed to rename topics in the parent web of the web you want to rename
- If the parent web is the root you must be allowed to both rename and create webs in the root web as defined by ALLOWROOTCHANGE and ALLOWROOTRENAME (defined in TWiki.TWikiPreferences)
- If you move the web to another parent web you must be allowed to create and change topics in the new parent web.
When you rename a web TWiki will try to update all links that refer to the old web. You should note that links only get updated in topics that you are allowed to edit. If you use access rights in the TWiki installation, it is generally best to let an administrator rename webs to avoid too many broken links.
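The four rules above, modelled as a small access-decision function so that each setting's effect can be checked against the reporter's scenario. This is an added example and not TWiki's own Perl code: the preference names (ALLOWWEBRENAME, ALLOWWEBCHANGE, ALLOWROOTCHANGE, ALLOWROOTRENAME) and TWikiAdminGroup are TWiki's, while the web layout (Test2 from the report, plus a constructed Sandbox and Sandbox/Sub), the user names and the simplifications noted in the docstring are assumptions of this model.

```python
"""Model of the web-rename permission rules documented in the 01 Jul 2008 entry.

Added example, not TWiki's Perl implementation. Assumptions of this model:
only ALLOW* lists are evaluated (the DENY* lists TWiki also honours are left
out); "create topics" in a web is taken to be governed by ALLOWWEBCHANGE; and
web paths use "/" as the subweb separator.
"""

# Constructed group membership: TWikiAdminGroup is the real admin group name,
# the member name is invented.
GROUPS = {"TWikiAdminGroup": {"AdminUser"}}

# Site-level preferences (TWiki.TWikiPreferences); a missing key means unset.
ROOT_PREFS = {
    "ALLOWROOTCHANGE": "TWikiAdminGroup",
    "ALLOWROOTRENAME": "TWikiAdminGroup",
}

# WebPreferences per web. "Test2" mirrors the reporter's setup (ALLOWWEBRENAME
# on the web itself); "Sandbox" and its subweb carry no restrictions at all.
WEB_PREFS = {
    "Test2": {"ALLOWWEBRENAME": "TWikiAdminGroup"},
    "Sandbox": {},
    "Sandbox/Sub": {},
}


def allowed(user, pref_value):
    """ALLOW* semantics: unset/empty means anyone; otherwise the user must be
    listed directly or be a member of a listed group."""
    if not pref_value or not pref_value.strip():
        return True
    for entry in pref_value.replace(",", " ").split():
        if entry == user or user in GROUPS.get(entry, set()):
            return True
    return False


def parent_of(web):
    """'Sandbox/Sub' -> 'Sandbox'; a root-level web has parent None (the root)."""
    return web.rsplit("/", 1)[0] if "/" in web else None


def container_check(user, parent, what):
    """The container holding a web: a parent web is governed by its
    ALLOWWEB<what>, the root by ALLOWROOT<what> from site preferences."""
    if parent is None:
        return allowed(user, ROOT_PREFS.get("ALLOWROOT" + what))
    return allowed(user, WEB_PREFS.get(parent, {}).get("ALLOWWEB" + what))


def can_rename_web(user, web, new_parent="<same>"):
    """Apply the documented rules. Returns (decision, list of failed rules).

    new_parent: "<same>" keeps the web under its current parent (a plain
    rename); None moves it to the root; otherwise the target parent web.
    """
    failures = []
    prefs = WEB_PREFS.get(web, {})

    # Rule 1: rename and change topics in the web being renamed.
    if not (allowed(user, prefs.get("ALLOWWEBRENAME"))
            and allowed(user, prefs.get("ALLOWWEBCHANGE"))):
        failures.append("rename/change topics in " + web)

    # Rules 2 and 3: rename in the current container (parent web's
    # ALLOWWEBRENAME, or ALLOWROOTRENAME plus ALLOWROOTCHANGE for root webs).
    parent = parent_of(web)
    if not container_check(user, parent, "RENAME"):
        failures.append("rename in container of " + web)
    if parent is None and not container_check(user, None, "CHANGE"):
        failures.append("create webs in root")

    # Rule 4: moving to another parent needs create/change in the new container.
    if new_parent != "<same>" and new_parent != parent:
        if not container_check(user, new_parent, "CHANGE"):
            failures.append("create/change in new container "
                            + (new_parent or "root"))

    return (not failures, failures)


if __name__ == "__main__":
    for user in ("NonAdminUser", "AdminUser"):
        for web, target in (("Test2", "<same>"), ("Sandbox", "<same>"),
                            ("Sandbox/Sub", "<same>"), ("Sandbox/Sub", None)):
            print(user, web, target, can_rename_web(user, web, target))
```

Two things the model makes visible: a root-level web with no settings of its own (Sandbox) is still protected by ALLOWROOTRENAME and ALLOWROOTCHANGE in site preferences, which is what the reporter's ALLOWROOTCHANGE setting would have achieved had the check existed; and ALLOWWEBRENAME on a target web does not stop a subweb being moved into it, because rule 4 only asks for create/change rights in the new parent.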
- 02 Jul 2008