Codev WebTags:
A thought on access permissions and renaming a topic in
%MAINWEB%
If a user topic SomeUser topic contained in SomeGroup is renamed to SomeOtherGroup then the user topic can be used to enlarge the set of users belonging to the initial SomeGroup.
This is not a bug, because the rename code correctly checks for ALLOWCHANGETOPIC of the SomeGroup and renames links in it only if the user has change privilege on that topic.
I am wondering if there is some way to use this to gain higher privileges ...
If so, all TWikiAdmins should keep a vigil eye on the ALLOWWEBRENAME property of the %MAINWEB% and ALLOWTOPICCHANGE in all groups topics.
I should update my GroupsMap? to take care of this ...
-- AndreaSterbini - 01 Jan 2002-
Codev Web
-
Readme first
-
Developers News
-
Changes
-
Major Only
- All Webs
-
RSS Feed
-
Search
- Advanced
-
Topics of interest
-
Categories
-
All tags / My tags
Create New Topic
Georgetown
TWiki 4.2.0- TWiki community
- TWiki marketing
- TWiki advocacy
- TWiki deployment
- Dev questions
- TWiki competition
- Usability
- Security
- Community
- How you can help
- Community roles
-
Answer Support questions
- Community
- #twiki (IRC)
- — logs
- Meet others
- Webs
-
Blog
- Codev
- Main
- Plugins
- Sandbox
- Support
- TWiki
- TWiki01
- TWiki02
- TWiki03
- TWiki04
- TWiki04x01
- TWiki04x02
 |
|
Copyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding TWiki? Send feedback