• Do not register here on develop.twiki.org, login with your twiki.org account.
• Use View topic Item7848 for generic doc work for TWiki-6.1.1. Use View topic Item7851 for doc work on extensions that are not part of a release. More... Close
• Anything you create or change in standard webs (Main, TWiki, Sandbox etc) will be automatically reverted on every SVN update.
Does this site look broken?. Use the LitterTray web for test cases.

Item5598: "Set ALLOWTOPICVIEW" has strange behavior in form editing

Item Form Data

AppliesTo: Component: Priority: CurrentState: WaitingFor: TargetRelease ReleasedIn
Engine   Urgent No Action Required   patch  

Edit Form Data

Summary:
Reported By:
Codebase:
Applies To:
Component:
Priority:
Current State:
Waiting For:
Target Release:
Released In:
 

Detail

I used
<input type="hidden" name="action" value="form" />
in my form (also with templatetopic & formtemplate parameter) and I expect to edit the form only but bring in my topic template content in background.

If I doesn't include " * Set ALLOWTOPICVIEW %WIKIUSERNAME%" in the topic template, basically I can get into the form edit. (there is another problem reported in Item5547)

If I include " * Set ALLOWTOPICVIEW %WIKIUSERNAME%" in the topic template, I will receive a "no 'view' privilege" message that I think it is wrong in 4.2! If I apply the same test in 4.1.2. It doesn't give me a message but only a strange page like below!
StrangeBlankPageIn412.jpg

BTW, administrator can get into the form edit page normally without any privilege error or strange blank page.

-- TWiki:Main/MagicYang - 02 May 2008

I don't understand the report, and I suspect no-one else will be able to either. The image is too blurry to make anything out, and "* Set ALLOWTOPICVUEW %WIKIUSERNAME%" doesn't mean anything to TWiki, so I don't understand the relevance.

Please try to build a testcase in the LitterTray web of this site to demonstrate the problem.

-- CrawfordCurrie - 10 May 2008

Sorry that I didn't make my question clearly.....I will try again!

Because I am not the admin of LitterTray, I can't make my test case in LitterTray exactly the same as in my TWiki installation. But maybe you can try it.

Please look at TestTopicWithActionParam first. The button in it will create a new topic (ex: TestTopicWithActionParamByMagicYang) base on template topic 'EvaluationTemplate' and a form template 'MyForm'. I want to edit the new topic in form only but bring in my topic template content (ACL setting) in background.

Currently there are 2 lines in EvaluationTemplate (Set ALLOWTOPICCHANGE = %WIKIUSERNAME% && Set VIEW_TEMPLATE=...) and they are not bring in into new topic (This problem is reported in Item5547)! But when I add ( * Set ALLOWTOPICVIEW = %WIKIUSERNAME%) into EvaluationTemplate, there is another problem!

The problem occurs only when the user (who press the button) is not an administrator.

  • In 4.1.2, a strange blank page (only banner icon and footer action bar are shown) appear!
  • In 4.2, system tell me that I don't have 'view' privilege to see the new created topic!

It's wired and I think I (who press the button) should be the only one who can view and change the new created topic! Am I wrong?

Hope that you can understand what I want to do and you can re-produce it in your TWiki installation!!

-- TWiki:Main.MagicYang - 11 May 2008

I see that you reported two bugs in Item5547. One was fixed and you refer to what appeared to you to be another above. Please don't do that; for tracking, we need each report to relate to only one bug.

Anyway, it's not a bug. You put the access control into an HTML comment in the template, which gets stripped out when the template is instantiated. I believe you can escape such a comment using %NOP% in the template e.g. <%NOP%!-- comment --&t.

This is actually the same thing that is causing your issue with the access controls, i suspect. If you * Set ALLOWTOPICVIEW = %WIKIUSERNAME% in the template topic you are restricting view access to that topic to a non-user called %WIKIUSERNAME%. VIEW access is required to instantiate a template topic, so you get an access violation when you try to create a new topic based on that template.

The solution is to use %NOP% in the template topic to "defuse" the * Set statement. For example:

   *%NOP% Set ALLOWTOPICVIEW = %WIKIUSERNAME%

I modified your example in the litterTray web to demonstrate this.

No action.

-- TWiki:Main.CrawfordCurrie - 12 May 2008

Crawford,

Thanks for your remind and explanation. I add the code into my template and it works. But I think it is still a bug in 4.1.2 because it doesn't show proper access control message but a blank page instead.

-- TWiki:Main.MagicYang - 13 May 2008

Understood, and I agree, it's a bug in 4.1.2. Unfortunately nobody releases patches to older releases (except in the case of severe security bugs).

-- CrawfordCurrie - 13 May 2008

ItemTemplate
Summary "Set ALLOWTOPICVIEW" has strange behavior in form editing
ReportedBy TWiki:Main.MagicYang
Codebase 4.1.2, 4.2.0
SVN Range TWiki-5.0.0, Thu, 01 May 2008, build 16756
AppliesTo Engine
Component

Priority Urgent
CurrentState No Action Required
WaitingFor

Checkins

TargetRelease patch
ReleasedIn

Edit | Attach | Watch | Print version | History: r6 < r5 < r4 < r3 < r2 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r6 - 2008-05-13 - CrawfordCurrie
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2019 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback