
Question

We would like to be able to control access to a Web using a group defined on that same web. In TWiki3 we were able to do something like this:

   * Set ALLOWWEBVIEW = %WEB%.UserGroup

and it worked fine. In TWiki4 (Dakar) this no longer works. We've tracked all the way to Users->findUser. It deals with the %MAINWEB% variable by ditching it and always looking in Main. If we have other variables though, they never get expanded.

Is this a bug or the way things are now? I wasn't sure if this was a bug, so I thought I would post here to see if it's a (my) usage issue.

Environment

TWiki version: TWikiRelease04x00x04
TWiki plugins: DefaultPlugin, EmptyPlugin, InterwikiPlugin
Server OS: Linux
Web server: Apache
Perl version: 5.8
Client OS: OS X
Web Browser: Firefox
Categories: Permissions

-- EricHanson - 31 Aug 2006

Answer


I could have sworn I commented on this topic yesterday :-/

Anyway, here's what I said.

In your example above, you are mixing up %WEB% and %MAINWEB%. Which is it?

As stated in the TWiki-3 documentation, TWiki groups are defined by topics in the %MAINWEB% web. There was a bug in TWiki-3 that allowed groups to be defined in other webs in certain circumstances, but this was a bug (and a security hole), which has been fixed in TWiki-4.

Because groups can now be defined externally (e.g. by a remote LDAP server) we are unlikely to support this usage - unless you can make an utterly convincing case for a change (in Codev).

-- CrawfordCurrie - 02 Sep 2006

You did in the bug site, still not sure which is the best place to put this issue.

We are using TWiki as the Centrally supported Wiki option for professors and students. We have very strict guidelines regarding student privacy so we have taken advantage of putting the Group Access List within the class Web to prevent public searching from ever finding or seeing who is part of a class. Now you are saying this won't be supported in TWiki4? You mention the reason is that it was a security hole, how so? Do you have another way to protect access to Class lists?

We hacked the Perl code a bit and were able to put a work-around in place, but we are really hoping for a better solution to be part of the ongoing TWiki code. We are really happy with all the other features in TWiki4 as well as the flexibility TWiki gives us for use on our campus.

-- EricHanson - 11 Sep 2006

Bugs go in the bugs web; questions in the support web; requests for features in Codev. If what I suggested in bugs web doesn't work out, please open a new feature request in codev.

-- CrawfordCurrie - 11 Sep 2006

If anyone wanted to see the bug item they referenced above, it's Bugs:Item2835.

-- LynnwoodBrown - 11 Sep 2006

Topic revision: r5 - 2006-09-11 - LynnwoodBrown
 