Tags:
create new tag
, view all tags

Feature Proposal: "All Users" Groups

Motivation

Having such a group would help in access control, particularly in areas such as a web where access in controlled, but comments can be added to an included topic with access allowed.

When EmptyDenySettingMeansUndefinedSetting is implemented, such a group becomes necessary.

Description and Documentation

The following groups will be introduced.

  • Main.AllUsersGroup - literally all users including non-authenticated access
  • Main.AllAuthUsersGroup - all users authenticated

The original proposal was to introduce Main.AllRegisteredUsersGroup, but there are TWiki installations not requiring user registration - user authentication might be provided outside TWiki. So "Registered Users" is not appropriate.

Examples

Impact and Available Solutions

Implementation

Here's a first cut I tried this morning: I've added:

push(@{$this->{grouplist}}, $this->findUser($TWiki::cfg{AllRegisteredUsersGroup}));
into
getAllGroups() -- (Users.pm)
like so :
sub getAllGroups() {
    my $this = shift;
    ASSERT($this->isa( 'TWiki::Users')) if DEBUG;

    unless (defined($this->{grouplist})) {
        # Always add $cfg{SuperAdminGroup}
        my $sawAdmin = 0;
        @{$this->{grouplist}} =
          map { $sawAdmin ||= ($_->wikiName() eq $TWiki::cfg{SuperAdminGroup}); $_ }
            $this->{usermappingmanager}->getListOfGroups();
        if (!$sawAdmin) {
            push(@{$this->{grouplist}}, $this->findUser($TWiki::cfg{SuperAdminGroup}));
        }
+        push(@{$this->{grouplist}}, $this->findUser($TWiki::cfg{AllRegisteredUsersGroup}));
    }
    return \@{$this->{grouplist}};
}

also I've added:

} else {
  if ($group->{wikiname} eq "AllRegisteredUsersGroup") {
    $group->{members} = $this->{session}->{users}->getAllUsers;
  }
}
into
groupMembers() -- (TWikiUserMapping.pm)
like so:
sub groupMembers {
    my $this = shift;
    my $group = shift;
    ASSERT($this->isa( 'TWiki::Users::TWikiUserMapping')) if DEBUG;
    my $store = $this->{session}->{store};

    if( !defined $group->{members} &&
          $store->topicExists( $group->{web}, $group->{wikiname} )) {
        my $text =
          $store->readTopicRaw( undef,
                                $group->{web}, $group->{wikiname},
                                undef );
        foreach( split( /\r?\n/, $text ) ) {
            if( /$TWiki::regex{setRegex}GROUP\s*=\s*(.+)$/ ) {
                next unless( $1 eq 'Set' );
                # Note: if there are multiple GROUP assignments in the
                # topic, only the last will be taken.
                $group->{members} =
                  $this->{session}->{users}->expandUserList( $2 );
            }
        }
        # backlink the user to the group
        foreach my $user ( @{$group->{members}} ) {
            push( @{$user->{groups}}, $group );
        }
+#   }
+    } else {
+      if ($group->{wikiname} eq "AllRegisteredUsersGroup") {
+        $group->{members} = $this->{session}->{users}->getAllUsers();
+      }
+    }

    return $group->{members};
}

All of this seems to work but the modification seemed too simple, and I don't really know enough about TWiki to be sure.

-- GregPendlebury

The above implementation is for TWikiUserMapping and does not work with other user mappings.

Having AllUsersGroup and AllAuthUsersGroup implemented in TWiki::Users::BaseUserMapping is a possibility. But this doesn't sound right because a group in a user mapping should have the users defined in the mapping.

As such, having those groups defined in TWiki::Users::isInGroup() seems reasonable.

-- HideyoImazu

-- Contributors: GregPendlebury

Discussion

-- GregPendlebury - 14 Nov 2006

This started in Support.GroupWithAllUsers. An AllUsersGroup or AllRegisteredUsersGroup would be useful to have. It could be done implicitly with a TWiki internal test, e.g. without the need to update the AllUsersGroup at registration time.

-- PeterThoeny - 14 Nov 2006

Updated with my first try at a working version.

-- GregPendlebury - 11 Dec 2006

Now, I'm committed to this proposal and modified it. Since this was proposed a long time ago and no objection has been raised, isn't this regarded as "Accepted by 7 day feedback period"?

-- Hideyo Imazu - 2013-09-02

Technically, the clock starts once the committed developer and date of commitment is filled in. So it would start today. We can make an exception so that it can ship with TWiki-6.0.

What is the difference between AllUsersGroup and AllAuthUsersGroup?

-- Peter Thoeny - 2013-09-02

The only difference is unknown/unregistered/unauthenticated users are included or not. AllUsersGroup includes literally all users even if they are not registered and hence not authenticated. AllAuthUsersGroup excludes unregistered and unauthenticated users.

-- Hideyo Imazu - 2013-09-02

I've changed the status to AcceptedProposal with the reason being AcceptedByReleaseMeeting, which is sort of true - EmptyDenySettingMeansUndefinedSetting is approved by the last release meeting and that enhancement requires this enhancement.

-- Hideyo Imazu - 2013-09-03

Cross-proposal at CreateAnAllUsersGroup.

-- Peter Thoeny - 2013-09-19

Edit | Attach | Watch | Print version | History: r9 < r8 < r7 < r6 < r5 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r9 - 2013-09-19 - PeterThoeny
 
  • Learn about TWiki  
  • Download TWiki
This site is powered by the TWiki collaboration platform Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2017 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.