Tags:
create new tag
view all tags

Feature Proposal: Introducing web admin for higher web autonomy

Motivation

On a large TWiki installation having thousands of webs, webs need to be as autonomous as possible. To that end, it's handy to have users like TWIkiAdminGroup members but only for a web.

Description and Documentation

A user mapping handler can have its own isAdmin() method, which is called from the the method of the same name of TWiki::Users class. However, isAdmin() currently takes only cUID as its argument. There is no way to be an admin of one web but not for others.

The goal can be achieved if the isAdmin($cUID) method has 2nd and 3rd arguments for topic and web respectively. Specifically, core/lib/TWiki/Access.pm's checkAccessPermission() would be: 

    if( $this->{session}->{users}->isAdmin( $user, $topic, $web ) ) {
And core/lib/TWiki/Users.pm's isAdmin() would be modified accordingly.

isAdmin() of existing user mapping handlers keep working ignoring $topic and $web.

Examples

There are several ways to specify web admins such as on RepositoryForSiteAndWebMetadata and LDAP.

Directly specifying web admin group

isAdmin() of the user mapping handler would check if the user is in the group or not.

Controlling who can act on behalf of admin

If a TWiki site employs UserMasquerading, there would be no admin group for a web per se. Let's assume such a site having "admin" as a member of the Main.TWikiAdminGroup.

When a web admin exercises their privilege, they act on behalf of "admin". isAdmin() determines if the user can masquerade identity on the web. If the user can, the user is regarded as "admin" hence isAdmin() returns true.

Having both web admins and user masquerading

If UserSubwebs is in action, even if UserMasquerading is turned on, on a user web, the owner should have admin privilege.

Impact

WhatDoesItAffect: Security

Implementation

-- Contributors: HideyoImazu - 2012-06-28

It turned out that enhancements needed for UserMasquerading is the superset of enhancements needed for this. As such, this proposal shares the Bugs web entry with UserMasquerading.

Code changes made to the TWiki core is explained on UserMasquerading covers the changes needed for this feature.

Discussion

Sensible enhancement. How do you enable/disable web-specific admins?

-- PeterThoeny - 2012-07-01

Good point. It's now mentioned at the Examples section.

-- HideyoImazu - 2012-07-04

This is now accepted by 7 days feedback period.

-- PeterThoeny - 2012-07-11

ChangeProposalForm
TopicClassification FeatureRequest
TopicSummary Introducing web admin for higher web autonomy
CurrentState MergedToCore
CommittedDeveloper HideyoImazu
ReasonForDecision AcceptedBy7DayFeedbackPeriod
DateOfCommitment 2012-06-28
ConcernRaisedBy

BugTracking Bugs:Item6904
OutstandingIssues

RelatedTopics

InterestedParties

ProposedFor JerusalemRelease
TWikiContributors

Edit | Attach | Watch | Print version | History: r10 < r9 < r8 < r7 < r6 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r10 - 2013-02-18 - HideyoImazu
 
  • Learn about TWiki  
  • Download TWiki
This site is powered by the TWiki collaboration platform Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2026 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.