Bug: If you use read-restricted webs (i.e. ALLOWWEBVIEW is set to XY in WebPreferences) diff won't work
Reported by
ChristianKohl:
If you use read-restricted webs (i.e. ALLOWWEBVIEW is set to XY in WebPreferences) diff won't work. Although authenticated you always get a "view access denied" error. This bug(?) has already been described in DiffsFunctionDoesNotAuthenticateProperly for Beijing release. The patch supplied there is not applicable to Cairo release since the code has moved from bin/rdiff to lib/TWiki/UI/Rdiff.pm and has been significantly changed as well.
-- ChristianKohl - 06 Sep 2004
Test case
- Make sure you are using basic authentication - set $doRememberRemoteUser = 0 in TWiki.cfg and disable all authenticating plugins (SiteMinderPlugin, SessionPlugin, SmartSessionPlugin, LoginNameAliasesPlugin etc.)
- Create a new web and set a restrictive ALLOWWEBVIEW in its WebPreferences
- Try to diff any page (you can use one of the default pages, WebNotify for instance)
Environment
-- SteffenPoulsen - 06 Sep 2004
Follow up
I have no problems with diff in authenticated webs. I am using SmartSessionPlugin, but perhaps just enabling $doRememberRemoteUser in TWiki.cfg will make diff work?
-- SteffenPoulsen - 06 Sep 2004
Since most of our users are using dynamic IPs remembering the remote user won't help us much. The SmartSessionPlugin is not installed at our site.
-- ChristianKohl - 07 Sep 2004
I tried to describe a testcase above, but haven't checked the procedure myself.
-- SteffenPoulsen - 07 Sep 2004
Yes, the testcase above mirrors our installation.
-- ChristianKohl - 07 Sep 2004
Support.AcessDeniedInPerlScripts is a support request for this issue.
If you are using SpeedyCGI, you can't authenticate rdiff as long as this bug is not solved.
SmartSessionPlugin apparently can't pass the authentication parameters to rdiff.
So in other words, if you would like to be able to rdiff in authenticated webs, it looks like $doRememberRemoteUser = 1 in TWiki.cfg or the workaround at this page (authenticating all diffs) are two ways to proceed at present.
-- SteffenPoulsen - 19 Sep 2004
Workaround
Add an entry for rdiff in bin/.htaccess:
<Files "rdiff">
require valid-user
</Files>
-- ArthurClemens - 19 Sep 2004
This workaround will make rdiff work in authenticated webs, as it will require authentication any time a user requests rdiff (i.e. in public webs too).
-- SteffenPoulsen - 19 Sep 2004
I think it has to be included in the installation documentation.
-- AndrzejGoralczyk - 19 Sep 2004
Thanks Arthur! This workaround does the trick. Looks like the Upgrade script did not copy the rdiff-entry ... .
-- ChristianKohl - 20 Sep 2004
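A check for the situation raised in the thread, where an upgrade leaves bin/.htaccess without the rdiff entry from the workaround. This is an added example, not part of the original page or of TWiki: it parses the `<Files>` sections of an .htaccess text and lists the scripts that have no `require` line. The sample file content and the function names are constructed for illustration.

```python
import re

# Constructed sample of a bin/.htaccess after an upgrade: "edit" kept its
# entry, the "rdiff" entry from the workaround is missing.
SAMPLE_HTACCESS = '''\
# constructed sample, not a real TWiki file
AuthType Basic
AuthName "TWiki"
<Files "edit">
    require valid-user
</Files>
<Files view>
    # require valid-user
</Files>
'''

# Apache directive names are case-insensitive; the file name may be quoted.
FILES_OPEN = re.compile(r'<Files\s+"?([^">\s]+)"?\s*>', re.I)
FILES_CLOSE = re.compile(r'</Files\s*>', re.I)
REQUIRE = re.compile(r'require\s+(valid-user|user\b|group\b)', re.I)


def protected_scripts(htaccess_text):
    """Return the names whose <Files> section carries an auth Require line."""
    protected, current = set(), None
    for raw in htaccess_text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue  # blank lines and commented-out directives do not count
        m = FILES_OPEN.match(line)
        if m:
            current = m.group(1)
        elif FILES_CLOSE.match(line):
            current = None
        elif current and REQUIRE.match(line):
            protected.add(current)
    return protected


def missing_auth(htaccess_text, scripts):
    """Scripts from `scripts` that lack a Require entry, in input order."""
    have = protected_scripts(htaccess_text)
    return [s for s in scripts if s not in have]


if __name__ == '__main__':
    print(missing_auth(SAMPLE_HTACCESS, ['edit', 'rdiff']))
```

Running it against the real bin/.htaccess after an upgrade shows whether the rdiff entry survived; a commented-out `require` line is treated as absent.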
Fix record