You are here: TWiki>
Codev Web>RenameUserAsGroup (2006-03-09, CrawfordCurrie)
Codev Web>RenameUserAsGroup (2006-03-09, CrawfordCurrie) A thought on access permissions and renaming a topic in
%MAINWEB%
If a user topic SomeUser topic contained in SomeGroup is renamed to SomeOtherGroup then the user topic can be used to enlarge the set of users belonging to the initial SomeGroup.
This is not a bug, because the rename code correctly checks for ALLOWCHANGETOPIC of the SomeGroup and renames links in it only if the user has change privilege on that topic.
I am wondering if there is some way to use this to gain higher privileges ...
If so, all TWikiAdmins should keep a vigil eye on the ALLOWWEBRENAME property of the %MAINWEB% and ALLOWTOPICCHANGE in all groups topics.
I should update my GroupsMap to take care of this ...
-- AndreaSterbini - 01 Jan 2002 Edit | Attach | Print version | History: r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r2 - 2006-03-09 - 17:18:48 - CrawfordCurrie
-
Codev Web
-
Readme first
-
Developers News
-
Changes
-
Major Only
- All Webs
-
RSS Feed
-
Search
- Advanced
-
Topics of interest
-
Categories
-
All tags / My tags
Create New Topic
Helsinki
TWiki 4.3.2- TWiki community
- TWiki marketing
- TWiki advocacy
- TWiki deployment
- Dev questions
- TWiki competition
- Usability
- Security
- Community
- How you can help
- Community roles
-
Answer Support questions
- Community
-
#twiki IRC
- — logs
- Meet others
- Webs
-
Blog
- Codev
- Main
- Plugins
- Sandbox
- Support
- TWiki
- TWiki01
- TWiki02
- TWiki03
- TWiki04
- TWiki04x01
- TWiki04x02
- TWiki04x03
Ideas, requests, problems regarding TWiki? Send feedback
Copyright © 1999-2010 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.