Tags:
create new tag
view all tags

Feature Proposals » checkAccessPermissionHandler

Summary

Current State: Developer: Reason: Date: Concerns By: Bug Tracking: Proposed For:
MergedToCore CalvinSo AcceptedBy7DayFeedbackPeriod 2021-11-19   Item7935 LimaRelease

Detail

TopicSummary: checkAccessPermissionHandler
CurrentState: MergedToCore
CommittedDeveloper: CalvinSo
ReasonForDecision: AcceptedBy7DayFeedbackPeriod
DateOfCommitment: 2021-11-19
ConcernRaisedBy:  
BugTracking: Item7935
OutstandingIssues:  
RelatedTopics:  
InterestedParties:  
ProposedFor: LimaRelease
TWikiContributors:  

Edit Form

TopicSummary:
CurrentState:
CommittedDeveloper:
ReasonForDecision:
DateOfCommitment:   Format: YYYY-MM-DD
ConcernRaisedBy:
BugTracking:
OutstandingIssues:
RelatedTopics:
InterestedParties:
ProposedFor:
TWikiContributors:
 

Motivation

I'm working on a plugin blocking access to webs based on web metadata on the metadata repository. With some webs, the plugin causes ALLOWWEB* and ALLOWTOPIC* to be ignored and allows only super admins to access. This kind of TWiki::Access behavior change needs a new handler.

viewRedirectHandler and viewFileRedirectHandler can do the job to some extent, but they don't block INCLUDE.

Description and Documentation

TWiki::Access:checkAccessPermission() will call checkAccessPermissionHandler so that a plugin can override TWiki::Access behavior.

A plugin will become able to have... 

sub checkAccessPermissionHandler {
# my ($mode, $user, $text, $meta, $topic, $web) = @_;

If a checkAccessPermissionHandler() in a plugin doesn't have a say about permit/deny, it returns a false value. If it determines the access is to be permitted or denied, it returns a hash reference. 

my $hRes = {
    result  => 1, # 1 means permitted, 0 means denied.
    failure => 'failure string', # needed when access is denied.
    isAdmin => undef,
        # 1 means the user is determined to be an admin, 0 means the user is not an admin, undef means not determined.
        # If defined, this will be cached so that TWiki::Access::Helper::isAdmin() will make use of the value.
    cacheTopicLevel => 0,
        # A true value causes the result to be cached at the topic level. A false value prevent the result to be cached at the topic level.
    cacheWebLevel => 0,
        # A true value causes the result to be cached at the web level. A false value prevent the result to be cached at the web level.
};

Examples

Impact

WhatDoesItAffect: API

Implementation

-- Contributors: Calvin So - 2021-11-19

Discussion

This is a reasonable enhancement request. Question is where in the access check chain the handler should be added. Possibly at the very beginning?

HideyoImazu-san any feedback?

-- Peter Thoeny - 2021-11-20

I am planning to add handler dispatch after below lines where it checks if it is cached. my $result = $helper->prologue; if ( defined $result ) { return $helper->epilogue($result); }

-- Calvin So - 2021-11-24

CalvinSo is working with me. I've put details of the design above. You can see the nature of this enhancement better.

-- Hideyo Imazu - 2021-12-13

ChangeProposalForm
TopicClassification FeatureRequest
TopicSummary checkAccessPermissionHandler
CurrentState MergedToCore
CommittedDeveloper CalvinSo
ReasonForDecision AcceptedBy7DayFeedbackPeriod
DateOfCommitment 2021-11-19
ConcernRaisedBy

BugTracking Item7935
OutstandingIssues

RelatedTopics

InterestedParties

ProposedFor LimaRelease
TWikiContributors

Edit | Attach | Watch | Print version | History: r7 < r6 < r5 < r4 < r3 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r7 - 2021-12-23 - CalvinSo
 
  • Learn about TWiki  
  • Download TWiki
This site is powered by the TWiki collaboration platform Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2026 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.