Item13192: Issue with If statement access checks
Priority: Urgent
Current State: No Action Required
Released In: n/a
Target Release: n/a
IfStatements appears to use two formats for ACL checks interchangably
* %IF{"'%TOPIC%' allows 'CHANGE'" then=" foswikiHasChangePermission" else=" foswikiHasNoChangePermission"}%
* %IF{"'TOPIC' allows 'CHANGE'" then=" foswikiHasChangePermission" else=" foswikiHasNoChangePermission"}%
- foswikiHasNoChangePermission
- foswikiHasNoChangePermission
The first form, using the %TOPIC macro works, the 2nd format does not. Not sure if this is a documentation issue or breakage in the %IF
The second thing I've noticed, The Guest is reported as having change permission.
--
GeorgeClark - 09 Jan 2015
And now I'm completely baffled. This is copied verbatim from a topic on my test system, and I'm getting completely different results. It works fine here on trunk.foswiki.org.
No... something strange is going on. I added the restriction to
NotAUser, Now I get different results. I've commented out the restriction, but remove the above comment to observe the issue.
--
GeorgeClark - 09 Jan 2015
Okay. 'TOPIC' definitely does not work on trunk. I gets used as a literal topic name. Because the topic does not exist, then ALLOWCHANGE inherits the web permissions. If the user allows change to the Web, then TOPIC has change permission.
As far as Guest permissions goes, it seems to be similarly related, but in this case 'TOPIC' has change permission even for guests.
--
GeorgeClark - 09 Jan 2015
This is a dumb user error. No action. Will clarify the examples a bit on the catch-all documentation task.
--
GeorgeClark - 09 Jan 2015