Access control confusion questions
I am trying to learn more about the TWiki access control (AC) settings. I think I am noticing some inconsistencies on how AC is applied (example below).
Also, I have noticed that if I restrict a web view/change/rename to a group, and that group is able to change topics within that web, they are able to make any topic viewable by TWikiGuest. Is this the expected behavior?
It appears that the ALLOWTOPICVIEW setting in a topic overrides the ALLOWWEBVIEW in the web preferences even if ALLOWWEBVIEW is in the final preferences setting. If I add ALLOWTOPICVIEW to the final preferences in the web preferences, then the topic's ALLOWTOPICVIEW cannot override the setting (see an exception to this behavior in the example below). Is this how it is intended to be used? The documentation says that FINALPREFERENCES is only for web settings and not for topic settings.
Inconsistency example:
- When I restrict web/topic view/change/rename settings in the web preferences settings to the admin group and add them to finalsettings, topics in that web are not viewable. Expected behavior.
- If I try to override the ALLOWTOPICVIEW in a topic, in the same web, the topic is still not visible if accessed directly. I tried this with the TWiki.WebTopBar topic (twiki/bin/view/TWiki/WebTopBar). Expected behavior.
- If I view Main.WebHome, the TWiki.WebTopBar is visible if it has an ALLOWTOPICVIEW = TWikiGuest even if the final settings in the TWiki web prevent that. Unexpected behavior.
- If I remove the ALLOWTOPICVIEW = TWikiGuest from the TWiki.WebTopBar topic, it is not viewable in Main.WebHome. Expected behavior.
Is this normal?
I enabled the debug output in Access.pm and I also outputted the sub checkAccessPermission parameters and this is what I get:
If I try to directly access /twiki/bin/view/TWiki/WebTopBar:
==========================
$this = TWiki::Access=HASH(0x8ad366c)
$mode = VIEW
$user = BaseUserMapping_666
$text = %META:TOPICINFO{author="ShahimEssaid" date="1210189783" format="1.1" reprev="1.6" version="1.6"}%
%META:TOPICPARENT{}%
<table border="0" cellpadding="0" cellspacing="0" style="width:100%; margin-top:12px;">
<tr><td valign="middle"><span id="twikiLogo" class="twikiImage"><a href="%WEBLOGOURL%"><img src="%WEBLOGOIMG%" border="0" alt="%WEBLOGOALT%" style="border:none;" /></a></span></td>
<td align="right" valign="top" class="patternMetaMenu">
<noautolink>
* <form name="jumpForm" action="%SCRIPTURLPATH{"view"}%/%BASEWEB%/%BASETOPIC%"><input id="jumpFormField" type="text" class="twikiInputField" name="topic" value="" size="18" /><noscript> <input type="submit" class="twikiButton" size="5" name="submit" value="%MAKETEXT{"Jump"}%" /> </noscript>
</form>
* <form name="quickSearchForm" action="%SCRIPTURLPATH{view}%/%INCLUDINGWEB%/WebSearch"><input type="text" class="twikiInputField" id="quickSearchBox" name="search" value="" size="18" /><input type="hidden" name="scope" value="all" /><input type="hidden" name="web" value="%BASEWEB%" /><noscript> <input type="submit" size="5" class="twikiButton" name="submit" value="%MAKETEXT{"Search"}%" /> </noscript>
</form>
* %INCLUDE{%SYSTEMWEB%.LanguageSelector}%
</noautolink></td></tr></table>
* Set ALLOWTOPICVIEW = %USERSWEB%.TWikiGuest
[Wed May 7 15:34:59 2008] view: Use of uninitialized value in concatenation (.) or string at /my/webs/essaid.com/family/www/docroot/twiki/lib/TWiki/Access.pm line 105.
$meta =
$topic = WebTopBar
$web = TWiki
==========================
Check VIEW access BaseUserMapping_666 to [[TWiki.WebTopBar]]
access not allowed on web
If I try to access /twiki/bin/view/Main/WebHome:
$this = TWiki::Access=HASH(0x8ad431c)
$mode = VIEW
$user = BaseUserMapping_666
$text = <table border="0" cellpadding="0" cellspacing="0" style="width:100%; margin-top:12px;">
<tr><td valign="middle"><span id="twikiLogo" class="twikiImage"><a href="%WEBLOGOURL%"><img src="%WEBLOGOIMG%" border="0" alt="%WEBLOGOALT%" style="border:none;" /></a></span></td>
<td align="right" valign="top" class="patternMetaMenu">
<noautolink>
* <form name="jumpForm" action="%SCRIPTURLPATH{"view"}%/%BASEWEB%/%BASETOPIC%"><input id="jumpFormField" type="text" class="twikiInputField" name="topic" value="" size="18" /><noscript> <input type="submit" class="twikiButton" size="5" name="submit" value="%MAKETEXT{"Jump"}%" /> </noscript>
</form>
* <form name="quickSearchForm" action="%SCRIPTURLPATH{view}%/%INCLUDINGWEB%/WebSearch"><input type="text" class="twikiInputField" id="quickSearchBox" name="search" value="" size="18" /><input type="hidden" name="scope" value="all" /><input type="hidden" name="web" value="%BASEWEB%" /><noscript> <input type="submit" size="5" class="twikiButton" name="submit" value="%MAKETEXT{"Search"}%" /> </noscript>
</form>
* %INCLUDE{%SYSTEMWEB%.LanguageSelector}%
</noautolink></td></tr></table>
* Set ALLOWTOPICVIEW = %USERSWEB%.TWikiGuest
$meta = TWiki::Meta=HASH(0x8db825c)
$topic = WebTopBar
$web = TWiki
==========================
Check VIEW access BaseUserMapping_666 to [[TWiki.WebTopBar]]
in ALLOWTOPIC
Notice the difference between "access not allowed on web" and "in ALLOWTOPIC" despite the similar topic/web/user parameters.
Is this normal?
Thanks
--
ShahimEssaid - 07 May 2008
Answer
A little more info although I am not familiar with the TWiki code and objects.
When the /twiki/bin/view/Main/WebHome page is called (which contains TWiki.WebTopBar in the upper left corner) there is already a $meta object passed to the checkAccessPermission sub in Access.pm. This $meta object is used later in sub loadPrefsFromText in PrefsCache.pm.
On the other hand, when /twiki/bin/view/TWiki/WebTopBar is called directly, there is no $meta object passed to checkAccessPermission. A $meta object is then created in loadPrefsFromText in PrefsCache.pm.
This difference in the $meta object is causing the call to /twiki/bin/view/Main/WebHome to ignore the permissions set in the TWiki.WebPreferences (or using the ones from Main.WebPreferences instead) and simply taking the ALLOWTOPICVIEW from the TWiki.WebTopBar topic when that setting is present.
I am not sure what the $meta object is for, but the end result is that the permissions are not correct. Does the meta object contain the WebPreferences for the initial Main web (in case of a call to /twiki/bin/view/Main/WebHome), and is the access control based on the Main.WebPreferences instead of TWiki.WebPreferences for the TWiki.WebTopBar topic portion of the Main.WebHome?
--
ShahimEssaid - 07 May 2008
If the issue is the $meta object, how can I prevent the same $meta object from being used across different webs for a single topic request?
--
ShahimEssaid - 07 May 2008
Shahim, this looks like an inconsistency. TWiki 4 changed the access control rules. At least one change resulted in some confusion (that includes myself): If a DENYTOPICVIEW is set to empty, everybody is allowed to view the topic, regardless of an ALLOWTOPICVIEW setting.
You seem to be versed in Perl, so we'd love to get you involved with the TWikiCommunity! Please ReadmeFirst and start contributing in the Codev web.
--
PeterThoeny - 11 May 2008
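The two rules discussed in this thread, a topic's ALLOWTOPICVIEW overriding the web's ALLOWWEBVIEW unless the web locks it through FINALPREFERENCES (first post), and an empty DENYTOPICVIEW admitting everyone (Peter's reply), can be modelled and audited with a short script. The following is an added example, not TWiki's own code from Access.pm or PrefsCache.pm: it parses `* Set NAME = value` bullets, merges web and topic settings, and evaluates a request. The evaluation order (DENYTOPIC, ALLOWTOPIC, DENYWEB, ALLOWWEB) is an assumption inferred from the debug strings quoted above, the function names are hypothetical, and all web preferences and topics are constructed sample data. The `audit_guest_view` helper is the check a site admin would want after reading the first post: which topics in a group-restricted web does TWikiGuest still get to see, and why.

```python
import re

# Matches TWiki preference bullets such as "   * Set ALLOWTOPICVIEW = Main.TWikiGuest".
SET_RE = re.compile(
    r'^[ \t]+\*[ \t]+Set[ \t]+([A-Za-z0-9_]+)[ \t]*=[ \t]*(.*?)[ \t]*$', re.M)

def parse_settings(text):
    """Return {NAME: value} for every '* Set NAME = value' bullet in topic text."""
    return {m.group(1): m.group(2) for m in SET_RE.finditer(text)}

def parse_list(value):
    """Split 'Main.AdminGroup, %USERSWEB%.TWikiGuest' into {'AdminGroup', 'TWikiGuest'}."""
    return {tok.rsplit('.', 1)[-1] for tok in re.split(r'[,\s]+', value) if tok}

def effective_settings(web_prefs, topic_text):
    """Topic settings override web settings, except names listed in FINALPREFERENCES."""
    web = parse_settings(web_prefs)
    final = parse_list(web.get('FINALPREFERENCES', ''))
    merged = dict(web)
    for name, value in parse_settings(topic_text).items():
        if name not in final:          # a final web setting wins over the topic's value
            merged[name] = value
    return merged

def check_access(user, groups, mode, web_prefs, topic_text):
    """Return (allowed, reason). Assumed order: DENYTOPIC, ALLOWTOPIC, DENYWEB, ALLOWWEB."""
    s = effective_settings(web_prefs, topic_text)
    principals = {user, *groups}
    deny_topic = s.get('DENYTOPIC' + mode)
    if deny_topic is not None:
        if deny_topic == '':           # the TWiki 4 rule Peter describes
            return True, 'empty DENYTOPIC admits everyone'
        if principals & parse_list(deny_topic):
            return False, 'in DENYTOPIC'
    allow_topic = s.get('ALLOWTOPIC' + mode)
    if allow_topic:
        if principals & parse_list(allow_topic):
            return True, 'in ALLOWTOPIC'
        return False, 'not in ALLOWTOPIC'
    deny_web = s.get('DENYWEB' + mode)
    if deny_web and principals & parse_list(deny_web):
        return False, 'in DENYWEB'
    allow_web = s.get('ALLOWWEB' + mode)
    if allow_web:
        if principals & parse_list(allow_web):
            return True, 'in ALLOWWEB'
        return False, 'access not allowed on web'
    return True, 'no restriction'

def audit_guest_view(web_prefs, topics):
    """For a view-restricted web, list (topic, reason) pairs that TWikiGuest could still view."""
    if not parse_settings(web_prefs).get('ALLOWWEBVIEW'):
        return []                      # web is not restricted, nothing to flag
    hits = []
    for name, text in sorted(topics.items()):
        allowed, reason = check_access('TWikiGuest', [], 'VIEW', web_prefs, text)
        if allowed:
            hits.append((name, reason))
    return hits

# Constructed sample data (hypothetical webs and topics, not the thread author's site).
WEB_PREFS_GROUP_ONLY = (
    "   * Set ALLOWWEBVIEW = Main.AdminGroup\n"
    "   * Set ALLOWWEBCHANGE = Main.AdminGroup\n"
    "   * Set FINALPREFERENCES = ALLOWWEBVIEW, ALLOWWEBCHANGE\n")
WEB_PREFS_LOCKED = (
    "   * Set ALLOWWEBVIEW = Main.AdminGroup\n"
    "   * Set ALLOWWEBCHANGE = Main.AdminGroup\n"
    "   * Set FINALPREFERENCES = ALLOWWEBVIEW, ALLOWWEBCHANGE, ALLOWTOPICVIEW\n")
WEB_PREFS_OPEN = ""                    # a web with no view restriction at all
TOPIC_TOP_BAR = (
    "<table><tr><td>top bar markup</td></tr></table>\n"
    "   * Set ALLOWTOPICVIEW = %USERSWEB%.TWikiGuest\n")
TOPIC_PLAIN = "Nothing special here.\n"
TOPIC_DENY_EMPTY = "   * Set DENYTOPICVIEW =\n"

if __name__ == '__main__':
    topics = {'WebTopBar': TOPIC_TOP_BAR, 'WebHome': TOPIC_PLAIN, 'Scratch': TOPIC_DENY_EMPTY}
    for label, prefs in (('group-only', WEB_PREFS_GROUP_ONLY), ('locked', WEB_PREFS_LOCKED)):
        print(label, audit_guest_view(prefs, topics))
```

Evaluating `TOPIC_TOP_BAR` against `WEB_PREFS_OPEN` instead of against its own web's preferences reproduces the unexpected case from the thread: with the including web's (unrestricted) preferences the topic-level grant to TWikiGuest wins, whereas the locked TWiki web denies it. The audit shows the two ways a topic editor can expose a topic in a restricted web, an ALLOWTOPICVIEW grant and an empty DENYTOPICVIEW, and locking ALLOWTOPICVIEW in FINALPREFERENCES closes only the first of them.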
Closing this question after more than 30 days of inactivity. Please feel free to re-open if necessary.
--
PeterThoeny - 23 Jul 2008