Item9598: Add ignorepermissions option to suppress acl checks in Func::saveTopic

Priority: Enhancement
Current State: Closed
Released In: 1.1.0
Target Release: minor
Applies To: Engine
Reported By: CrawfordCurrie
Waiting For:
Last Change By: KennethLavrsen
In the bad old days, you could suppress ACL checks by setting the $Foswiki::Plugins::SESSION->{user} to undef. This would allow you to save a topic with ACL checks, useful if you have to do your own.

This is no longer possible. All saves require a user, and if you undef the logged-in user you have no-one to save against. However, being able to save with access control checks - is critical to some wikiapps (ok, to CommentPlugin, but I'm sure there are others)

Because overwriting the Foswiki object this way is fraught with danger, I propose to remove this undocumented "feature" and instead add a ignorepermissions option to Foswiki::Func::saveTopic. Note that readTopic already ignores access permissions.

The ACL checks are performed in Foswiki::Func and making this change is a lot lower risk than explicitly supporting the undef-user approach.

Note I appreciate this could be interpreted as a new feature, given that the "old way" was undocumented. However it is such an important thing to get right that I consider it critical for the 1.1 release. I consider it to be too late for 1.0.10, otherwise I would have recommended it for inclusion there as well.

-- CrawfordCurrie - 31 Aug 2010


ItemTemplate edit

Summary Add ignorepermissions option to suppress acl checks in Func::saveTopic
ReportedBy CrawfordCurrie
Codebase trunk
SVN Range
AppliesTo Engine
Priority Enhancement
CurrentState Closed
Checkins distro:ea2c548cce28
TargetRelease minor
ReleasedIn 1.1.0
Topic revision: r6 - 04 Oct 2010, KennethLavrsen
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy