
Question

After authentication it is possible to view a topic but we have the error

Attention 
Access check on Some.WebPreferences failed. Action "VIEW": access not allowed on web. 

The users of this web have applied the following access controls in WebPreferences.

      * Set DENYWEBVIEW = Main.TWikiGuest
      * Set ALLOWWEBVIEW =  Main.DepPHCMSGroup 
      * Set DENYWEBCHANGE = Main.TWikiGuest
      * Set ALLOWWEBCHANGE = Main.DepPHCMSGroup 
      * Set DENYWEBRENAME = Main.TWikiGuest
      * Set ALLOWWEBRENAME = Main.DepPHCMSGroup 

I am in TWikiAdminGroup and I can not view the attachments either. If I remove ALLOWWEBVIEW and DENYWEBVIEW then I can view the attachments but this is not what the users of the web want.

Could there be a possible bug with viewfile?

Environment

TWiki version: TWikiRelease04x00x04
TWiki plugins: DefaultPlugin, EmptyPlugin, InterwikiPlugin
Server OS: RH Linux
Web server: Apache 1.3
Perl version: 5.008
Client OS: Windows, Linux
Web Browser: IE, Mozilla, Firefox
Categories: Permissions

-- PeterJones - 06 Jul 2006

Answer


TWikiAdminGroup members should be able to view/edit everything, so this looks like a bug.

Let's wait on others to comment on the issue you describe.

-- PeterThoeny - 07 Jul 2006

Are those the only access controls in that topic? Or is there perhaps also an ALLOWTOPICVIEW lurking around somewhere?

Note that if you set ALLOWWEBVIEW there is no need to set DENYWEBVIEW, unless TWikiGuest also happens to be a member of Main.DepPHCMSGroup.

ALLOWWEBVIEW says "let these people access the web, but no-one else".

If you have TWikiAdminGroup set up correctly, then you can indeed edit anything. There is nothing you can do outside of configure to prevent that. One thing to check is that you really are a member of that group, and that {SuperAdminGroup} is set to TWikiAdminGroup in configure.

-- CrawfordCurrie - 11 Jul 2006
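
The web-level rules described in the answer above, as an added example that is not part of the original thread and is not TWiki's own code. It is a simplified model of only what the answer states (admin bypass, deny before allow, ALLOWWEBVIEW as an exclusive list); the group members and the `Main.*Example` user names are constructed.

```python
# Simplified model of web-level VIEW checks; not TWiki's implementation.
# Group membership below is constructed sample data.
GROUPS = {
    "Main.DepPHCMSGroup": {"Main.AliceExample", "Main.BobExample"},
    "Main.TWikiAdminGroup": {"Main.AdminExample"},
}
SUPER_ADMIN_GROUP = "Main.TWikiAdminGroup"  # models {SuperAdminGroup} in configure


def parse_settings(text):
    """Parse '* Set NAME = value, value' lines into {NAME: [values]}."""
    prefs = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("* Set ") or "=" not in line:
            continue
        name, value = line[len("* Set "):].split("=", 1)
        prefs[name.strip()] = [v.strip() for v in value.split(",") if v.strip()]
    return prefs


def matches(user, entries, groups):
    """True if user is listed directly or through a group named in entries."""
    return any(user == e or user in groups.get(e, ()) for e in entries)


def can_view_web(user, prefs, groups=GROUPS):
    if user in groups.get(SUPER_ADMIN_GROUP, ()):
        return True                          # admins bypass web settings
    if matches(user, prefs.get("DENYWEBVIEW", []), groups):
        return False                         # explicit deny wins
    allow = prefs.get("ALLOWWEBVIEW", [])
    if allow:
        return matches(user, allow, groups)  # listed users only, no-one else
    return True                              # no restriction set


# The VIEW settings quoted in the question.
WEB_PREFS = parse_settings("""
      * Set DENYWEBVIEW = Main.TWikiGuest
      * Set ALLOWWEBVIEW =  Main.DepPHCMSGroup
""")
ALLOW_ONLY = {"ALLOWWEBVIEW": WEB_PREFS["ALLOWWEBVIEW"]}

if __name__ == "__main__":
    for user in ("Main.TWikiGuest", "Main.AliceExample", "Main.AdminExample"):
        print(user, can_view_web(user, WEB_PREFS), can_view_web(user, ALLOW_ONLY))
```

With or without DENYWEBVIEW the guest is refused and the admin is allowed, which is the result the thread expects viewfile to give for a TWikiAdminGroup member.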

These are the only access control settings in the entire web. I took out the set DENYWEBVIEW that you suggested and the results are the same.

I am in the TWikiAdminGroup and I am able to carry out other admin procedures. Also {SuperAdminGroup} is set to TWikiAdminGroup in configure.

It really does appear that viewfile comes across an access control problem.

-- PeterJones - 11 Jul 2006

Has anyone else seen this behaviour? We are still having problems with attachments on topics that have access control as above. Not even TWikiAdminGroup can view them.

-- PeterJones - 19 Jul 2006

It works ok after adding viewfile into bin/.htaccess.

-- PeterJones - 25 Jul 2006

Update:

Our workaround by putting viewfile in .htaccess worked ok for protected topics. Of course, all world-readable topics had their attachments blocked by this action, so we have to go back to the drawing board.

-- PeterJones - 27 Jul 2006

 
Topic revision: r8 - 01 Sep 2006 - 21:30:31 - PeterThoeny
Support.AccessDeniedOnAttachments moved from Support.AccessDeniedOnAttachmentsPossibleBugOnViewfile on 07 Jul 2006 - 22:03 by PeterThoeny
 