Feature Proposal: TWiki::Store::saveAttachment can optionally ignore permissions

Motivation

In some special cases, we need to allow people who don't have topic change permission to save attachments. E.g. When a user doesn't have topic change permission views a page having DirectedGraphPlugin, it leads to oops page.

Description and Documentation

Just like TWiki::Store::saveTopic checkes "$options->{ignorePermissions}", we can also make TWiki::Store::saveAttachment bypass checking access permission according to its "$opts->{ignorePermissions}" value.

Examples

1. Make TWiki session disabled by setting $cfg{UseClientSessions} = 0
2. Create a topic with below content

<dot >
digraph G {
    subgraph cluster_c0 {a0 -> a1 -> a2 -> a3}
    subgraph cluster_c1 {
        b0 -> b1 -> b2 -> b3;
        label="Group B";
    }
    x -> a0 [style=dotted];
    x -> b0;
    a1 -> a3 [style=bold, label="a1 to a3"];
    a3 -> a0;
    a0 [shape=box, fontname=Courier, fontsize=11];
    a1 [color=red];
    a3 [label="Label\nfor a3"];
    label="Cole's Example";
}
</dot> 
<!--
   * Set ALLOWTOPICCHANGE = Main.YaojunFei
-->

Impact

Implementation

1. Check "$opts->{ignorePermissions}" in "TWiki::Store::saveTopic". If true, then skip $this->{session}->security->checkAccessPermission check.
2. Pass in "$opts->{ignorePermissions}" when invoking "$this->saveTopic"

-- Contributors: Yaojun Fei - 2013-03-14

Discussion