You are here: Foswiki>Tasks Web>Item13847 (02 Dec 2016, GeorgeClark)Edit Attach

Item13847: Users::isInUserList: does not work with cUID entries

Priority: Normal
Current State: Confirmed
Released In: 2.2.0
Target Release: minor
Applies To: Engine
Component: FoswikiUsers
Reported By: JanKrueger
Waiting For:
Last Change By: GeorgeClark
ACL checks go through, eventually, Foswiki::Users::isInUserList. This works by iterating over the list, converting each entry to a cUID, and comparing that against the target user's cUID.

This is all perfect if the list does not contain any cUIDs, but if it does, the conversion can fail (the cUID is not a valid WikiName or login name and its cUID-ness is not checked) and then the entry resolves to UnknownUser. So, cUIDs can end up not working in ACLs.

There are two straightforward ways to change this:

  • Do an extra comparison against the raw list entry (which will succeed if the entry is a cUID or happens to be identical to the user's WikiName or login name)
  • Change the cUID conversion to use Foswiki::Func::getCanonicalUserID instead of $this->getCanonicalUserID because the former includes a check to allow for a cUID as input.

Patch 1:

--- a/lib/Foswiki/        2015-11-11 11:49:30.745086162 +0100
+++ b/lib/Foswiki/        2015-11-11 11:31:50.311639693 +0100
@@ -650,6 +650,7 @@
         if ( $ident eq '*' ) {
             return 1;
+        return 1 if ( $ident eq $cUID );
         my $identCUID = $this->getCanonicalUserID($ident);

Patch 2:

--- a/lib/Foswiki/        2015-11-11 11:49:30.745086162 +0100
+++ b/lib/Foswiki/        2015-11-11 16:43:00.980076136 +0100
@@ -651,7 +651,7 @@
             return 1;
-        my $identCUID = $this->getCanonicalUserID($ident);
+        my $identCUID = Foswiki::Func::getCanonicalUserID($ident);
         if ( defined $identCUID ) {
             return 1 if ( $identCUID eq $cUID );

-- JanKrueger - 11 Nov 2015


-- GeorgeClark - 02 Dec 2016

ItemTemplate edit

Summary Users::isInUserList: does not work with cUID entries
ReportedBy JanKrueger
Codebase trunk
SVN Range
AppliesTo Engine
Component FoswikiUsers
Priority Normal
CurrentState Confirmed
TargetRelease minor
ReleasedIn 2.2.0
Topic revision: r2 - 02 Dec 2016, GeorgeClark
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy