
We would like to be able to control access to a Web using a group defined on that same web. In TWiki3 we were able to do something like this:

  *Set ALLOWWEBVIEW = %WEB%.UserGroup 

and it worked fine. In TWiki4 (Dakar) this no longer works. We've tracked all the way to Users->findUser. It deals with the %MAINWEB% variable by ditching it and always looking in Main. If we have other variables though, they never get expanded.

Is this a bug or the way things are now?

Note: I am marking this requirement because it seems that functionality from the last TWiki was lost. While the twiki does function (the usual criteria for a critical bug), it no longer functions as it used to.


In your report above, you say

  * Set ALLOWWEBVIEW = %WEB%.UserGroup 

but then go on to say "It deals with the Main variable by ditching it". Did you really mean %MAINWEB%? You used %WEB% in your Set. %WEB% is not expanded in access control definitions anyway.

Anyway, true, it no longer functions as it used to. That particular bug has been fixed. I refer you to the TWiki-3 documentation, specifically TWiki.TWikiAccessControl: Groups are defined by group topics created in the Main web, like the TWikiAdminGroup.

TWiki-4 introduced the concept of external authentication and user management. Included in this is the external definition of groups (e.g. in a corporate LDAP server). So the assumption that "a group is a topic" is no longer valid, I'm afraid.

If you feel mortally wounded by this, then please raise a request for a spec change by opening a feature proposal in Codev web.

Discarded.

CC


Crawford -

We are using TWiki as the Centrally supported Wiki option for professors and students. We have very strict guidelines regarding student privacy so we have taken advantage of putting the Group Access List within the class Web to prevent public searching from ever finding or seeing who is part of a class. Now you are saying this won't be supported in TWiki4? You mention the reason is that it was a security hole, how so? Do you have another way to protect access to Class lists?

We hacked the Perl code a bit and were able to put a work-around in place, but we are really hoping for a better solution to be part of the ongoing TWiki code. We are really happy with all the other features in TWiki4 as well as the flexibility TWiki gives us for use on our campus.

TWiki:Main.EricHanson


If group topics are stored in Main web, then they can be protected using the normal mechanisms, e.g. in Biology101Group put

  * Set ALLOWTOPICVIEW = Biology101Group

and

  * Set ALLOWTOPICCHANGE = ProfessorsGroup

I said it was a bug, not a security hole. I'm not going to discuss potential security risks in public (don't want to give anyone ideas).

If you want to change the definition of what a group is (for that is effectively what you have been relying on) then you need to provide an alternate UserMappingManager. lib/TWiki/Users/TWikiUserMapping.pm is the default one, which handles groups defined in topics in Main web. A subclass of it which overrides getListOfGroups is probably what you want.

CC
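
One way to audit the arrangement suggested above, as an added example that is not part of the original thread or of TWiki's own code: it scans group topics from the Main web and reports those whose member list has no topic-level ALLOWTOPICVIEW. Assumptions: topics live as `data/Main/<Topic>.txt`, members are declared with `* Set GROUP = ...`, an empty ALLOWTOPICVIEW is conservatively treated as unrestricted, and web-level or DENY settings are not considered; the function names and sample topics are constructed for illustration.

```python
import re
from pathlib import Path

# Preference line: indent of three spaces (or tabs), then "* Set NAME = value".
# Pattern is an approximation of TWiki's setting syntax (assumption).
SETTING_RE = re.compile(
    r"^(?:\t| {3})+\* Set (\w+)[ \t]*=[ \t]*(.*?)[ \t]*$", re.M)

def parse_settings(text):
    """Return {NAME: value} for every '   * Set NAME = value' line in a topic."""
    return {name: value for name, value in SETTING_RE.findall(text)}

def exposed_groups(topics):
    """Names of group topics whose member list anyone may view."""
    exposed = []
    for name, text in sorted(topics.items()):
        if not name.endswith("Group"):
            continue
        settings = parse_settings(text)
        if "GROUP" not in settings:
            continue  # name ends in Group but it defines no members
        if not settings.get("ALLOWTOPICVIEW"):
            exposed.append(name)  # missing or empty view restriction
    return exposed

def load_topics(main_dir):
    """Read *Group.txt topic files from a Main web data directory."""
    return {p.stem: p.read_text(errors="replace")
            for p in Path(main_dir).glob("*Group.txt")}

# Constructed sample topics (not taken from any real site).
SAMPLE_TOPICS = {
    "Biology101Group": "   * Set GROUP = AliceStudent, BobStudent\n"
                       "   * Set ALLOWTOPICVIEW = Biology101Group\n"
                       "   * Set ALLOWTOPICCHANGE = ProfessorsGroup\n",
    "Chemistry200Group": "   * Set GROUP = CarolStudent\n"
                         "   * Set ALLOWTOPICCHANGE = ProfessorsGroup\n",
    "History150Group": "   * Set GROUP = DaveStudent\n"
                       "   * Set ALLOWTOPICVIEW = \n",
    "StudyGroup": "Notes about study groups, no member list.\n",
}

if __name__ == "__main__":
    for group in exposed_groups(SAMPLE_TOPICS):
        print("member list viewable without restriction:", group)
```

On a live installation, pass `load_topics("data/Main")` (path relative to the TWiki root, an assumption) to `exposed_groups` instead of the sample dictionary.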

ItemTemplate
Summary Allow/Deny 'Set' not expanding Bugs variables
ReportedBy TWiki:Main.EricHanson
Codebase 4.0.4
SVN Range TWiki-4.1-beta1, Tue, 29 Aug 2006, build 11384
AppliesTo Engine
Component

Priority Urgent
CurrentState No Action Required
WaitingFor

Checkins

TargetRelease n/a
Topic revision: r5 - 2006-09-11 - CrawfordCurrie
 