Item11885: Ambiguous Foswiki ACLs confuse MongoDB ACL cache

Priority: Enhancement
Current State: New
Released In: n/a
Target Release: n/a
Applies To: Extension
Component: MongoDBPlugin
Reported By: PaulAlexander
Waiting For:
Last Change By: PaulAlexander
We just had some trouble opening up a web to WikiGuest.

  • FungiMap/Taxa/WebPreferences had ALLOWWEBVIEW = FungiMapGroup, DENYWEBVIEW = WikiGuest
    • FungiMap/Taxa/BDRS/WebPreferences had ALLOWWEBVIEW = WikiGuest, no DENYWEBVIEW set
      • FungiMap/Taxa/BDRS/<all topics> had
        %META:PREFERENCE{name="DENYTOPICVIEW" title="DENYTOPICVIEW" type="Set" value=" "}%

This search (on FungiMap/Taxa/BDRS/BDRSGrid) would show topics for admin users, but not wikiguest:

WikiGuest was able to directly view Eg. FungiMap/Taxa/BDRS/Amanita_austroviridisBDRS but this topic would not appear in SEARCH results.

We were able to get WikiGuest to see SEARCH results after setting FungiMap/Taxa/BDRS/WebPreferences with an empty DENYWEBVIEW setting, and removing the empty DENYTOPICVIEW META:PREF from individual topics.

-- PaulAlexander - 22 May 2012

To clarify, in addition to clearing DENYWEBVIEW in the web's WebPreferences, it seems that the space in the value as here:
%META:PREFERENCE{name="DENYTOPICVIEW" title="DENYTOPICVIEW" type="Set" value=" "}%
prevents MongoDBPlugin from showing such a topic in the results, whereas

Correctly includes a topic set this way in the search results

-- PaulAlexander - 22 May 2012


ItemTemplate edit

Summary Ambiguous Foswiki ACLs confuse MongoDB ACL cache
ReportedBy PaulAlexander
Codebase trunk
SVN Range
AppliesTo Extension
Component MongoDBPlugin
Priority Enhancement
CurrentState New
TargetRelease n/a
ReleasedIn n/a
Topic revision: r1 - 22 May 2012, PaulAlexander - This page was cached on 20 Oct 2020 - 10:57.

The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy