You are here: Foswiki>Tasks Web>Item13108 (05 Jul 2015, GeorgeClark)Edit Attach

Item13108: Trunk edit strips manually added META ACLs on the next save

pencil
Priority: Security
Current State: Closed
Released In: 2.0.0
Target Release: major
Applies To: Extension
Component: NatEditPlugin
Branches: master
Reported By: GeorgeClark
Waiting For:
Last Change By: GeorgeClark
Not sure what's going on, but I used More topic actions -> Edit Setttings button and set an "ALLOWTOPICVIEW". Confirmed with raw=all, that the setting was saved.

Then edited the topic, and made a minor change. Reviewed the settings with raw=all and the ACL has been dropped

Recreated it with 3 settings:
   * #Set BLERG = Blah
   * #Set ALLOWTOPICCHANGE = AdminGroup,GeorgeClark
   * #Set ALLOWTOPICVIEW = AdminGroup,CrawfordCurrie,GeorgeClark

The non-ACL setting is saved. The ALLOW* settings are both stripped.

Topic with the issue: GitUserMap Since discovering this issue, I added an inline set for the VIEW auth since this topic exposes a private email.

-- GeorgeClark - 24 Nov 2014

Reviewing the edit on trunk, the Permissions settings panel is all set to Default, even though existing Meta ACLs exist in the topic. So I suspect that this is a NatEdit issue.

(And the CommentPlugin is busted. I was unable to post this comment on trunk. strikeone validation failed )

-- GeorgeClark - 24 Nov 2014

In how far is this task related to CommentPlugin?

-- MichaelDaum - 24 Nov 2014

Not at all. I removed CommentPlugin completely ( pseudo-install.pl -u CommentPlugin ) and it still happens.

(BTW I also tried removing NatEdit (disabled NatEditPlugin and the companion JQueryPlugin plugin) and the edit was too much of a mess to be useable)

Further: tried pseudo-install -u NatEditPlugin and disabled the JQueryPlugin plugin in LSC. Edit-save and it worked fine (ACLs retained)

-- Main.CrawfordCurrie - 24 Nov 2014 - 09:11

 

ItemTemplate edit

Summary Trunk edit strips manually added META ACLs on the next save
ReportedBy GeorgeClark
Codebase trunk
SVN Range
AppliesTo Extension
Component NatEditPlugin
Priority Security
CurrentState Closed
WaitingFor
Checkins distro:c6528110c12e
TargetRelease major
ReleasedIn 2.0.0
CheckinsOnBranches master
trunkCheckins
masterCheckins distro:c6528110c12e
ItemBranchCheckins
Release01x01Checkins
Topic revision: r5 - 05 Jul 2015, GeorgeClark
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy