Priority: Security
Current State: Closed
Released In: 2.0.0
Target Release: major
Not sure what's going on, but I used More topic actions -> Edit Settings button and set an "ALLOWTOPICVIEW". Confirmed with raw=all, that the setting was saved.
Then edited the topic, and made a minor change. Reviewed the settings with raw=all and the ACL has been dropped.
Recreated it with 3 settings:
* #Set BLERG = Blah
* #Set ALLOWTOPICCHANGE = AdminGroup,GeorgeClark
* #Set ALLOWTOPICVIEW = AdminGroup,CrawfordCurrie,GeorgeClark
The non-ACL setting is saved. The ALLOW* settings are both stripped.
Topic with the issue: GitUserMap
Since discovering this issue, I added an inline set for the VIEW auth since this topic exposes a private email.
--
GeorgeClark - 24 Nov 2014
Reviewing the edit on trunk, the Permissions settings panel is all set to Default, even though existing Meta ACLs exist in the topic. So I suspect that this is a NatEdit issue.
(And the CommentPlugin is busted. I was unable to post this comment on trunk. strikeone validation failed)
--
GeorgeClark - 24 Nov 2014
In how far is this task related to CommentPlugin?
--
MichaelDaum - 24 Nov 2014
Not at all. I removed CommentPlugin completely (pseudo-install.pl -u CommentPlugin) and it still happens.
(BTW I also tried removing NatEdit (disabled NatEditPlugin and the companion JQueryPlugin plugin) and the edit was too much of a mess to be useable)
Further: tried pseudo-install -u NatEditPlugin and disabled the JQueryPlugin plugin in LSC. Edit-save and it worked fine (ACLs retained)
--
Main.CrawfordCurrie - 24 Nov 2014 - 09:11
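
A regression check for the behaviour reported in this task, added here as an example; it is not part of the thread and not Foswiki's own code. It compares the raw text (raw=all) of two topic revisions and reports every ACL setting that was stored as a META:PREFERENCE before the save and is missing or different afterwards. The function names, the regular expressions and the two sample revisions are assumptions constructed for illustration.

```python
import re

# Assumed layout of raw topic text as shown by raw=all (constructed patterns).
META_RE = re.compile(r'^%META:PREFERENCE\{(.*)\}%\s*$', re.M)
ATTR_RE = re.compile(r'(\w+)="([^"]*)"')
INLINE_RE = re.compile(r'^(?:\t| {3})+\* Set (\w+) = (.*)$', re.M)
ACL_RE = re.compile(r'^(?:ALLOW|DENY)(?:TOPIC|WEB|ROOT)[A-Z]+$')

def meta_acls(raw):
    """ACL settings stored as META:PREFERENCE (written by Edit Settings)."""
    found = {}
    for m in META_RE.finditer(raw):
        attrs = dict(ATTR_RE.findall(m.group(1)))
        name = attrs.get("name", "")
        if ACL_RE.match(name):          # skips non-ACL settings such as BLERG
            found[name] = attrs.get("value", "")
    return found

def inline_acls(raw):
    """ACL settings written in the topic body as '   * Set NAME = value'."""
    return {n: v.strip() for n, v in INLINE_RE.findall(raw) if ACL_RE.match(n)}

def acl_regressions(before, after):
    """Report each META ACL of `before` that `after` no longer carries as META."""
    new_meta, new_inline = meta_acls(after), inline_acls(after)
    report = []
    for name, value in sorted(meta_acls(before).items()):
        if name in new_meta:
            if new_meta[name] != value:
                report.append((name, "changed", new_meta[name]))
        elif name in new_inline:        # e.g. the inline workaround in the report
            report.append((name, "inline-only", new_inline[name]))
        else:
            report.append((name, "dropped", value))
    return report

def _pref(name, value):
    """Build one constructed META:PREFERENCE line for the sample revisions."""
    return '%%META:PREFERENCE{name="%s" title="%s" type="Set" value="%s"}%%' % (
        name, name, value)

# Constructed revisions using the three settings named in the report.
REV_BEFORE = "\n".join(["Topic body", _pref("BLERG", "Blah"),
    _pref("ALLOWTOPICCHANGE", "AdminGroup,GeorgeClark"),
    _pref("ALLOWTOPICVIEW", "AdminGroup,CrawfordCurrie,GeorgeClark")])
REV_AFTER = "\n".join(["Topic body, minor change",
    "   * Set ALLOWTOPICVIEW = AdminGroup,CrawfordCurrie,GeorgeClark",
    _pref("BLERG", "Blah")])

if __name__ == "__main__":
    for finding in acl_regressions(REV_BEFORE, REV_AFTER):
        print(finding)
```

Run against the stored revisions before and after an edit-save, an empty result means the save kept every META ACL.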