Item13847: Users::isInUserList: does not work with cUID entries
Priority: Normal
Current State: Confirmed
Released In: 2.2.0
Target Release: minor
ACL checks go through, eventually, Foswiki::Users::isInUserList. This works by iterating over the list, converting each entry to a cUID, and comparing that against the target user's cUID.
This is all perfect if the list does not contain any cUIDs, but if it does, the conversion can fail (the cUID is not a valid WikiName or login name and its cUID-ness is not checked) and then the entry resolves to UnknownUser. So, cUIDs can end up not working in ACLs.
There are two straightforward ways to change this:
- Do an extra comparison against the raw list entry (which will succeed if the entry is a cUID or happens to be identical to the user's WikiName or login name)
- Change the cUID conversion to use Foswiki::Func::getCanonicalUserID instead of $this->getCanonicalUserID because the former includes a check to allow for a cUID as input.
Patch 1:
--- a/lib/Foswiki/Users.pm 2015-11-11 11:49:30.745086162 +0100
+++ b/lib/Foswiki/Users.pm 2015-11-11 11:31:50.311639693 +0100
@@ -650,6 +650,7 @@
if ( $ident eq '*' ) {
return 1;
}
+ return 1 if ( $ident eq $cUID );
my $identCUID = $this->getCanonicalUserID($ident);
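Review bot: the added early return `return 1 if ( $ident eq $cUID );` compares the raw, unvalidated list entry with the cUID, so an entry written as a WikiName or login name that happens to be string-equal to a different user's cUID would be matched as that user. Since this sits in the ACL path, a short comment stating that the raw match is meant for cUID entries would help, and it is worth considering taking this path only when the entry is known to be a cUID. A unit test with a cUID entry in the list would pin the behaviour down.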
Patch 2:
--- a/lib/Foswiki/Users.pm 2015-11-11 11:49:30.745086162 +0100
+++ b/lib/Foswiki/Users.pm 2015-11-11 16:43:00.980076136 +0100
@@ -651,7 +651,7 @@
return 1;
}
- my $identCUID = $this->getCanonicalUserID($ident);
+ my $identCUID = Foswiki::Func::getCanonicalUserID($ident);
if ( defined $identCUID ) {
return 1 if ( $identCUID eq $cUID );
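Review bot: the replacement `my $identCUID = Foswiki::Func::getCanonicalUserID($ident);` drops `$this` and routes a core method through the plugin-facing Foswiki::Func API, which resolves against the global session rather than the Users object the method was called on. Consider keeping the lookup on `$this` and adding the cUID-as-input check there, or add a comment explaining why the session's users object is guaranteed to be the same one. The unchanged `if ( defined $identCUID )` guard should also get a test for the case where the entry is neither a name nor a cUID.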
--
JanKrueger - 11 Nov 2015
Confirming.
--
GeorgeClark - 02 Dec 2016
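
The failure mode reported above, as an added stand-alone model that is not Foswiki code and not part of the original report. The mapping table, the `Mapper_` cUID prefix and all function names are hypothetical, and an unresolved entry is modelled as undef rather than UnknownUser.

```perl
#!/usr/bin/env perl
# Added illustration: a toy user mapping, NOT Foswiki's real Users.pm.
use strict;
use warnings;

# Constructed sample data: cUID => [ login name, WikiName ].
my %USERS = (
    'Mapper_jdoe'   => [ 'jdoe',   'JohnDoe' ],
    'Mapper_asmith' => [ 'asmith', 'AliceSmith' ],
);

# Models a conversion that only accepts login names or WikiNames:
# a cUID passed in is not recognised, so nothing is returned.
sub to_cuid {
    my ($ident) = @_;
    for my $cuid ( keys %USERS ) {
        return $cuid if grep { $_ eq $ident } @{ $USERS{$cuid} };
    }
    return;
}

# Models a conversion that also accepts an existing cUID as input.
sub to_cuid_lenient {
    my ($ident) = @_;
    my $cuid = to_cuid($ident);
    return $cuid if defined $cuid;
    return exists $USERS{$ident} ? $ident : undef;
}

# List membership check: wildcard first, then compare converted entries.
sub in_user_list {
    my ( $cuid, $list, $convert ) = @_;
    for my $ident (@$list) {
        return 1 if $ident eq '*';
        my $ident_cuid = $convert->($ident);
        return 1 if defined $ident_cuid && $ident_cuid eq $cuid;
    }
    return 0;
}

# Constructed ACL list: the second entry is a cUID, not a name.
my @acl = ( 'AliceSmith', 'Mapper_jdoe' );
for my $case ( [ strict => \&to_cuid ], [ lenient => \&to_cuid_lenient ] ) {
    my ( $name, $conv ) = @$case;
    printf "%-8s jdoe=%d asmith=%d\n", $name,
      in_user_list( 'Mapper_jdoe',   \@acl, $conv ),
      in_user_list( 'Mapper_asmith', \@acl, $conv );
}
```

With the strict conversion the user listed by cUID is not matched while the user listed by WikiName is; the lenient conversion matches both.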