You are here: Foswiki>Tasks Web>Item13108 (05 Jul 2015, GeorgeClark)Edit Attach

Item13108: Trunk edit strips manually added META ACLs on the next save

Priority: Security
Current State: Closed
Released In: 2.0.0
Target Release: major
Applies To: Extension
Component: NatEditPlugin
Branches: master
Reported By: GeorgeClark
Waiting For:
Last Change By: GeorgeClark
Not sure what's going on, but I used More topic actions -> Edit Setttings button and set an "ALLOWTOPICVIEW". Confirmed with raw=all, that the setting was saved.

Then edited the topic, and made a minor change. Reviewed the settings with raw=all and the ACL has been dropped

Recreated it with 3 settings:
   * #Set BLERG = Blah
   * #Set ALLOWTOPICCHANGE = AdminGroup,GeorgeClark
   * #Set ALLOWTOPICVIEW = AdminGroup,CrawfordCurrie,GeorgeClark

The non-ACL setting is saved. The ALLOW* settings are both stripped.

Topic with the issue: GitUserMap Since discovering this issue, I added an inline set for the VIEW auth since this topic exposes a private email.

-- GeorgeClark - 24 Nov 2014

Reviewing the edit on trunk, the Permissions settings panel is all set to Default, even though existing Meta ACLs exist in the topic. So I suspect that this is a NatEdit issue.

(And the CommentPlugin is busted. I was unable to post this comment on trunk. strikeone validation failed )

-- GeorgeClark - 24 Nov 2014

In how far is this task related to CommentPlugin?

-- MichaelDaum - 24 Nov 2014

Not at all. I removed CommentPlugin completely ( -u CommentPlugin ) and it still happens.

(BTW I also tried removing NatEdit (disabled NatEditPlugin and the companion JQueryPlugin plugin) and the edit was too much of a mess to be useable)

Further: tried pseudo-install -u NatEditPlugin and disabled the JQueryPlugin plugin in LSC. Edit-save and it worked fine (ACLs retained)

-- Main.CrawfordCurrie - 24 Nov 2014 - 09:11


ItemTemplate edit

Summary Trunk edit strips manually added META ACLs on the next save
ReportedBy GeorgeClark
Codebase trunk
SVN Range
AppliesTo Extension
Component NatEditPlugin
Priority Security
CurrentState Closed
Checkins distro:c6528110c12e
TargetRelease major
ReleasedIn 2.0.0
CheckinsOnBranches master
masterCheckins distro:c6528110c12e
Topic revision: r5 - 05 Jul 2015, GeorgeClark - This page was cached on 26 Oct 2016 - 02:32.

The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License