You are here: Foswiki>Tasks Web>Item10906 (17 Dec 2011, GeorgeClark)Edit Attach

Item10906: Adding incorrect user to a group kills WikiGroups

pencil
Priority: Normal
Current State: Closed
Released In: 1.1.4
Target Release: patch
Applies To: Engine
Component: FoswikiMeta, TopicUserMappingContrib
Branches:
Reported By: AndrewJones
Waiting For:
Last Change By: GeorgeClark
Sorry, title isn't very clear. Here are the reproduction steps:

  1. Create a new group with the following users (or similar): Main.AndrewJones, Main.Others...
  2. View WikiGroups as a non-admin user

You will then get an error in your browser, and the following in your FW error log:

Can't call method "get" on an undefined value at /work/local/foswiki/Release01x01/core/lib/Foswiki/Meta.pm line 583

Its the Main.Others... that causes the problem.

Tested with the latest code in Release01x01 branch, and with released 1.1.3. Not tested with trunk.

-- AndrewJones - 21 Jun 2011

It fails on trunk as well. The issue appears to be caused by the 2nd dot (Others..) causes Others to be treated as a parent web, and it attempts to check DENYWEB for Others/ and fails to load preferences because the web doesn't exist. Not sure yet where the fix is needed.

-- GeorgeClark - 21 Jun 2011

Committed a fix. I believe it's safe to assume that TopicUserMapping - when checking Group and User authorization - only needs to check topics in the UsersWeb. TopicUserMapper uses sandbox function to validate the user or group name. Since we accept anything in the groups - to support other mappers, and/or pre-adding users to groups before they exist, we can't really enforce this on entry.

-- GeorgeClark - 21 Jun 2011
 

ItemTemplate edit

Summary Adding incorrect user to a group kills WikiGroups
ReportedBy AndrewJones
Codebase 1.1.3, trunk
SVN Range
AppliesTo Engine
Component FoswikiMeta, TopicUserMappingContrib
Priority Normal
CurrentState Closed
WaitingFor
Checkins distro:6e417294bf99 distro:30aece0f8138
TargetRelease patch
ReleasedIn 1.1.4
Topic revision: r6 - 17 Dec 2011, GeorgeClark
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy