Access Denied

-- AntonioVega - 03 Aug 2016

For no apparent reason today, regular (non Admin) users can not create topics one any web. not even using wildcards * on ALLOW...=* variables on WebPreferences. SitePreferences do not have Access variables set.

It is a relatively clean/new setup, so no former topics were loaded, Access control in configure is based on Topic

-- AntonioVega - 03 Aug 2016

Is there any chance that a template topic is denied read access? Does it go immediately to an access denied message, or do you get another login request? What exactly does the denied message state?

Access check on "???.???" failed.

Action "???": access not allowed on ??? by user ???

-- GeorgeClark - 03 Aug 2016

This is what the server delivers

Access Denied


Attention 

Access check on "System.WebTopicEditTemplate" failed. 
Action "VIEW": access not allowed on web by user UsuarioPrueba. 
To login as another user please do so here. 
Contact  if you have any questions. 
Related topics: WikiGroups, AccessControl 

If a new wiki Word is in a topic , it will deliver the above message

If the wiki Word is in the goto box, first it will take you to a regular empty view screen with create instead of edit, but upon clicking on it , it will deliver the above message.

The tamplate is the default that comes with the package.

All templates under templates subdir are www-data user/gorup/other read (chmod 444 *)

Also, if the topic already exist, regular users can edit it.

-- AntonioVega - 03 Aug 2016

Okay, so it is the Edit Template that got restricted somehow. Take a look at System.WebTopicEditTemplate?raw=all and see if there are any restrictions in the topic contents or meta.

-- GeorgeClark - 03 Aug 2016

This is the content of System.WebTopicEditTemplate?raw=all

%META:TOPICINFO{author="BaseUserMapping_999" comment="" date="1462235100" format="1.1" version="1"}%


-- %WIKIUSERNAME% - %DATE%

-- AntonioVega - 03 Aug 2016

The one thing I might comment , just in case, is that yestarday I had to manually delete an user from wiki users topic using a user under GroupAdmin, today another user registered by himself and no apparent problema occourred.

-- AntonioVega - 03 Aug 2016

double check the formatting of the WikiUsers topic. view it in raw mode. Make sure that the indentation is all correct and that there are no blank lines within the list of users, and that the alpha order is maintained. Note for future reference that in 2.x, ManagingUsers has a form that can be used to remove a registered user. Also make sure that the System web is not view restricted. If someone changed the access permissions on the System web that would also block access to the WebTopicEditTemplate.

-- GeorgeClark - 03 Aug 2016

George, I did it to myself: I wanted to limit the view of webs only to the ones relevant for the users, since System web is rather technical I decided ALLOWWEBVIEW only to Admin Group. Once I changed back to the original setting, the problem was gone. Thanks

-- AntonioVega - 04 Aug 2016

Looks like that is a topic we missed. We made a pass through the System web adding an ALLOWTOPICVIEW = * to any topics that were critical to operation in a "restricted" system web.

-- GeorgeClark - 04 Aug 2016

Fixed under Item14128.

-- GeorgeClark - 04 Aug 2016

Commenting is disabled while not logged in