This question about Authentication or Authorisation, Documentation: Task filed
Access Denied
--
AntonioVega - 03 Aug 2016
For no apparent reason today, regular (non Admin) users can not create topics one any web. not even using wildcards * on ALLOW...=* variables on WebPreferences. SitePreferences do not have Access variables set.
It is a relatively clean/new setup, so no former topics were loaded, Access control in configure is based on Topic
--
AntonioVega - 03 Aug 2016
Is there any chance that a template topic is denied read access? Does it go immediately to an access denied message, or do you get another login request? What exactly does the denied message state?
Access check on "???.???" failed.
Action "???": access not allowed on ??? by user ???
--
GeorgeClark - 03 Aug 2016
This is what the server delivers
Access Denied
Attention
Access check on "System.WebTopicEditTemplate" failed.
Action "VIEW": access not allowed on web by user UsuarioPrueba.
To login as another user please do so here.
Contact if you have any questions.
Related topics: WikiGroups, AccessControl
If a new wiki Word is in a topic , it will deliver the above message
If the wiki Word is in the goto box, first it will take you to a regular empty view screen with create instead of edit, but upon clicking on it , it will deliver the above message.
The tamplate is the default that comes with the package.
All templates under templates subdir are www-data user/gorup/other read (chmod 444 *)
Also, if the topic already exist, regular users can edit it.
--
AntonioVega - 03 Aug 2016
Okay, so it is the Edit Template that got restricted somehow. Take a look at
System.WebTopicEditTemplate?raw=all
and see if there are any restrictions in the topic contents or meta.
--
GeorgeClark - 03 Aug 2016
This is the content of System.WebTopicEditTemplate?raw=all
%META:TOPICINFO{author="BaseUserMapping_999" comment="" date="1462235100" format="1.1" version="1"}%
-- %WIKIUSERNAME% - %DATE%
--
AntonioVega - 03 Aug 2016
The one thing I might comment , just in case, is that yestarday I had to manually delete an user from wiki users topic using a user under GroupAdmin, today another user registered by himself and no apparent problema occourred.
--
AntonioVega - 03 Aug 2016
double check the formatting of the
WikiUsers topic. view it in raw mode. Make sure that the indentation is all correct and that there are no blank lines within the list of users, and that the alpha order is maintained. Note for future reference that in 2.x,
ManagingUsers has a form that can be used to remove a registered user. Also make sure that the System web is not view restricted. If someone changed the access permissions on the System web that would also block access to the
WebTopicEditTemplate.
--
GeorgeClark - 03 Aug 2016
George, I did it to myself: I wanted to limit the view of webs only to the ones relevant for the users, since System web is rather technical I decided ALLOWWEBVIEW only to Admin Group. Once I changed back to the original setting, the problem was gone. Thanks
--
AntonioVega - 04 Aug 2016
Looks like that is a topic we missed. We made a pass through the System web adding an ALLOWTOPICVIEW = * to any topics that were critical to operation in a "restricted" system web.
--
GeorgeClark - 04 Aug 2016
Fixed under
Item14128.
--
GeorgeClark - 04 Aug 2016