• Do not register here on develop.twiki.org, login with your twiki.org account.
• Use
Item7848 for generic doc work for TWiki-6.1.1. Use Item7851 for doc work on extensions that are not part of a release. More... Close
• Anything you create or change in standard webs (Main, TWiki, Sandbox etc) will be automatically reverted on every SVN update.
• Does this site look broken?. Use the LitterTray web for test cases.
• Use
Item7848 for generic doc work for TWiki-6.1.1. Use Item7851 for doc work on extensions that are not part of a release. More... Close • Anything you create or change in standard webs (Main, TWiki, Sandbox etc) will be automatically reverted on every SVN update.
• Does this site look broken?. Use the LitterTray web for test cases.
Item7481: Admin should be able to add new users even if EnableNewUserRegistration is off
Item Form Data
| AppliesTo: | Component: | Priority: | CurrentState: | WaitingFor: | TargetRelease | ReleasedIn |
|---|---|---|---|---|---|---|
| Engine | Normal | New | n/a |
Edit Form Data
Detail
The configuration setting
- 2014-04-05
{Register}{EnableNewUserRegistration}
is convenient to prevent users from registering themselves. (I recently helped a client by removing approximately 300 "Spam" users from the htpasswd file!).
However, a TWiki Admin should be able to add new users (run the register CGI script) regardless of the setting of this configuration variable.
That is, if someone is logged in to TWiki and their ID has Admin permission, this should override the {Register}{EnableNewUserRegistration} setting.
I expected that it would and was surprised when I got an error that I could not run the script.
Yes, the Admin can go to configure, reset the setting, add the users, reset the setting, but this is brittle. They could forget turn to turn this setting off again. Spammers could access register during the period that Enable is on.
(Personally, one of the things that I do is to protect the register script with Apache's access configuration options, the same way that I protect configure. We could recommend this in the docs.)
FYI: I really like the code in TWikiRegistration that sets a NOREGISTRATION variable to disable the form fields unless context registration_supported. When Admins are allowed to add users at any time, this could be expanded as
* Set NOREGISTRATION = %IF{"context registration_supported" then="%IF{"'%USERNAME%' ingroup 'TWikiAdminGroup'" then="" else="DISABLED"}%" else="DISABLED"}%
-- TWiki:Main/VickiBrown - 2014-04-05
| ItemTemplate | |
|---|---|
| Summary | Admin should be able to add new users even if EnableNewUserRegistration is off |
| ReportedBy |
TWiki:Main.VickiBrown
|
| Codebase | 6.0.0 |
| SVN Range | TWiki-6.0.1-trunk, Sat, 22 Mar 2014, build 27164 |
| AppliesTo | Engine |
| Component | |
| Priority | Normal |
| CurrentState | New |
| WaitingFor | |
| Checkins | |
| TargetRelease | n/a |
| ReleasedIn | |
Edit | Attach | Raw edit | More topic actionsTopic revision: r1 - 2014-04-05 - VickiBrown
Site map
Bugs web
Create New Report
Index
Search
Detailed Items Query
Changes
100
Notifications
RSS Feed
Statistics
Preferences
Bugs 
Items by urgency
My Reports
Recently Closed
Extensions
By Status 
Waiting for Feedback
Confirmed
Being Worked On
Waiting for Release
No Action Required
Lima 
Fixes for Rel.Notes
Create Feature Request
Account 
Copyright © 2008-2023 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding TWiki? Send feedback