Item10906: Adding incorrect user to a group kills WikiGroups
Priority: Normal
Current State: Closed
Released In: 1.1.4
Target Release: patch
Sorry, title isn't very clear. Here are the reproduction steps:
- Create a new group with the following users (or similar):
Main.AndrewJones, Main.Others...
- View WikiGroups as a non-admin user
You will then get an error in your browser, and the following in your FW error log:
Can't call method "get" on an undefined value at /work/local/foswiki/Release01x01/core/lib/Foswiki/Meta.pm line 583
Its the
Main.Others...
that causes the problem.
Tested with the latest code in Release01x01 branch, and with released 1.1.3. Not tested with trunk.
--
AndrewJones - 21 Jun 2011
It fails on trunk as well. The issue appears to be caused by the 2nd dot (Others..) causes Others to be treated as a parent web, and it attempts to check DENYWEB for Others/ and fails to load preferences because the web doesn't exist. Not sure yet where the fix is needed.
--
GeorgeClark - 21 Jun 2011
Committed a fix. I believe it's safe to assume that
TopicUserMapping - when checking Group and User authorization - only needs to check topics in the UsersWeb.
TopicUserMapper uses sandbox function to validate the user or group name. Since we accept anything in the groups - to support other mappers, and/or pre-adding users to groups before they exist, we can't really enforce this on entry.
--
GeorgeClark - 21 Jun 2011