Tags:
create new tag
view all tags

Question

I've just finished installing twiki for an intranet and have 8 webs. I'm using external authentication (i.e. apache) and everything in that realm is working fine. However, none of the access controls for "view" are working. Both Topic and Web view access is not being honoured... anybody have ideas on how I can debug this? I should note that change access controls are working. As an example... I have a web SISTeam/Internal... webpreferences include:
* Set ALLOWWEBVIEW = SISTeamGroup
* Set ALLOWWEBCHANGE = TWikiAdminGroup, SISTeamGroup
and
* Set ALLOWWEBRENAME = TWikiAdminGroup, SISTeamGroup...
but as a non-SISTeamGroup user I can view the web and it's contents. I have also seen this if I add Set ALLOWTOPICVIEW = someGroup to a topic... it is still viewable. I can forward configure to those that need it for more information.

Environment

TWiki version: TWikiRelease04x00x05
TWiki plugins: SpreadSheetPlugin, CommentPlugin, EditTablePlugin, InterwikiPlugin, PreferencesPlugin, SlideShowPlugin, SmiliesPlugin, TablePlugin
Server OS: Debian 3.1.r3 kernel 2.6.17.13
Web server: Apache 2.0.54
Perl version: 5.8.4
Client OS: Windows XP2 Pro, MacOSX, Debian 3.x, Ubuntu 5.x, 6.x
Web Browser: Firefox 1.5.0.8
Categories: Authorisation

-- RamonKagan - 13 Nov 2006

Answer

ALERT! If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.

What scripts require authentication? If you do not require valid user for the view script and you do no session tracking there is no way for TWiki to know who the user is in view, e.g. an authenticated user in the edit script is seen as TWikiGuest by the view script. See TWikiUserAuthentication for various options.

-- PeterThoeny - 14 Nov 2006

HI,

attach,edit,manage,rename,save,upload,viewauth,rdiffauth are in the configure for requiring authentication. I require a valid user using "RemoteUser" for everything in this deployment.

Sessions are enabled, and I have verified that RamonKagan is being set correctly.

It seems that ALLOWTOPICVIEW is working, seems if you don't put the three spaces and * the Set command is ignore... that is my bad on still learning twiki. However, the ALLOWWEBVIEW in the web preferences pages is not working. BTW, when you deny web view does that mean the web doesn't show in the left bar or that attempt to access the web they would be denied. I gather it is the latter, but want to make sure.

-- RamonKagan - 15 Nov 2006

It works, honest wink If a user is caught by DENYWEBVIEW the web will not be listed in the left bar.

-- CrawfordCurrie - 21 Nov 2006

Ok, but I'm not using DENYWEBVIEW since the list of "ALLOW" is like 50 times smaller than "DENY". So I guess the question is... does the rule "If ALLOWWEB is set to a list of wikinames

* people in the list will be PERMITTED * everyone else will be DENIED"

actually work? That's the situation I'm faced with.

-- RamonKagan - 22 Nov 2006

Yes, it works.

-- CrawfordCurrie - 16 Dec 2006

Change status to:
WebForm
SupportStatus AnsweredQuestions
Edit | Attach | Watch | Print version | History: r7 < r6 < r5 < r4 < r3 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r7 - 2006-12-16 - CrawfordCurrie
 
  • Learn about TWiki  
  • Download TWiki
This site is powered by the TWiki collaboration platform Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2026 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.