Hi, probably we should always ALLOWTOPICCHANGE for all topics of all webs to the TWikiAdminGroup , otherwise any HostileUsers can create a topic that he/she only can edit.

Let see if I can stop you from changing this page ... Peter, can you change this topic without loggin in as a TWikiGuest ?

• Set ALLOWTOPICCHANGE = TWikiGuest

-- AndreaSterbini - 14 Dec 2000

No I cannot as PeterThoeny, so I logged in as a guest. I don't want to enable TWikiAdminGroup by default, but a new switch in wikicfg.pm to enable that is probably appropriate.

(BTW, RCS is non functional at the moment, so there is no new revision now. Filed a request at SourceForge)

-- PeterThoeny - 17 Dec 2000

---

Now, though not being one of those HostileUsers but having this problem over and over again:

What happens if you misspell Main.TWikiGuest e.g. as main.TWikiGuest?

• Set ALLOWTOPICCHANGE = main.TWikiGuest

You lock out everybody forever ... (Peter, can you still change this topic).

Tired of editing everlocked documents on the file server I allowed TWikiAdminGroup to edit really every document (by changing wikiaccess.pm:)

sub checkAccessPermission
{
  if( userIsInGroup( $wikiUserName, "TWikiAdminGroup" ) ) 
  { 
        return 1;
  }
  ...

(Hope I made no typos cause now I will be locked out forver!)

BTW: Even if I left the first "Set ALLOWTOPICCHANGE = TWikiGuest" this has no affect (because checkAccessPermission does not collect all ALLOWTOPIC changes but takes the last occurance only).

-- KlausWriessnegger - 25 Feb 2001