Question

I need to send an email to all twiki users registered on my site. I can't get their email addresses as they are no longer shown on the site.

I am the administrator... I should be able to get them...

Environment

-- MartinCleaver - 04 Apr 2006

Answer

If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.

You can get them.

Assuming you are using .htpasswd (you don't specify), then just cat .htpasswd.

awk 'BEGIN{FS=":";}{print $3}' .htpasswd

-- CrawfordCurrie - 05 Apr 2006

Thanks I was hoping for a TWiki-based answer: we should not assume that the members of the TWikiAdminGroup are 1) UNIX literate 2) have access to the filesystem.

How ought this information be exposed? as a formfield()?

-- MartinCleaver - 05 Apr 2006

security hat tells me, just because you have admin, does not mean you need everyone's email address, nor do you really want to expose it.

Aren't you really just wanting to email out to them? A functionality that is more directly important to a email activated wiki?

-- SvenDowideit - 05 Apr 2006

I want to expose it to anyone with permission. Thus someone viewing a page that aggregates email addresses (e.g. from a group or about an individual) would see only what they are allowed to see.

TWikiAdminGroup would see all details.

An end user would only see their own details.

Maybe a web owner has a different level of privilege again.

-- MartinCleaver - 05 Apr 2006

neat, and slightly scary.. probaly not something that should work by default. Simple plugin that implements a TAG sounds safest.

-- SvenDowideit - 05 Apr 2006

Excuse me, but an administrator for a site (TWikiAdminGroup) should be able to access emails of registered members for whatever reason they may need it. By definition, they are the responsible party for the site. I think it's arrogant for the programmers to presume what level of access they will allow the administrator. In any case, an administrator with file access can get it. The point here is simply to provide for this access as part of the TWiki package - like every other portal package i've ever seen.

-- LynnwoodBrown - 05 Apr 2006

Not quite true Lynnwood. The problem being that TWikiAdminGroup is a mashup group required for many operations. Generally, the full on admin natrully has access too everything, but if you want or need to delegate the ability to do user registration cleanup, general TWiki cleanup, create webs and that sort of thing, we don't provide roles in TWiki, we tell people to add more users to TWikiAdminGroup.

Thus, the more secure implementation is to have the TWiki based TWikiAdminGroup have access to 'not quite everything'. For example, if you look at Joomla/Mambo, you will see that there are differeing levels of user ability.

to be honest though, focussing on getting the email addresses, isn't goingto help you see my point either.

-- SvenDowideit - 05 Apr 2006

I get your point Sven so you don't need to be condenscending. And yes, I'm addressing the point of this topic, which is how to make it possible for the administrator of a TWiki site to access the emails without having to jump through hoops.

I'm familiar with Joomla/Mambo setup and they do have different levels of administrators which would be great to have in TWiki. What we have in TWiki is TWikiAdminGroup and as such is the site administrator - who should have access to the emails.

You are looking at other, albiet legitimate, concerns about TWiki security architecture. If we want to rethink the rule and design of TWikiAdminGroup, that's fine, but this topic is addressing the simple, immediate need for site administrators to have access to email addresses for members to a site for which they are responsible.

-- LynnwoodBrown - 06 Apr 2006

For short term, I suggest that TWikiAdminGroup members can get at all e-mail addresses. The current TWikiAdminGroup members are meant to have root privileges.

Longer term we should think about different admin levels. At my previous employer we created a TWikiSuprtAdminGroup that had the TWikiAdminGroup privileges, and a number of per department admin groups.

-- PeterThoeny - 06 Apr 2006

Has there been any implementation of this suggestion? At my company, we have Support staff who need to verify customers' registered e-mail addresses on the Wiki, but they have no business being Admins. Personally, I'd like to see a WebPreference setting that allows/denies certain groups to see user e-mails:

ALLOWEMAILVIEW = This.Group, That.Group 

DENYEMAILVIEW = This.Group, That.Group
 

-- JamieBenjamin - 2010-04-15

This is an old question page, better open a new question.

-- PeterThoeny - 2010-06-14