Item9598: Add ignorepermissions
option to suppress acl checks in Func::saveTopic
Priority: Enhancement
Current State: Closed
Released In: 1.1.0
Target Release: minor
Applies To: Engine
Component:
Branches:
In the bad old days, you could suppress ACL checks by setting the $Foswiki::Plugins::SESSION->{user} to undef. This would allow you to save a topic with ACL checks, useful if you have to do your own.
This is no longer possible. All saves require a user, and if you undef the logged-in user you have no-one to save against. However, being able to save with access control checks - is critical to some wikiapps (ok, to CommentPlugin, but I'm sure there are others)
Because overwriting the Foswiki object this way is fraught with danger, I propose to remove this undocumented "feature" and instead add a
ignorepermissions
option to Foswiki::Func::saveTopic. Note that
readTopic
already ignores access permissions.
The ACL checks are performed in
Foswiki::Func
and making this change is a lot lower risk than explicitly supporting the undef-user approach.
Note I appreciate this could be interpreted as a new feature, given that the "old way" was undocumented. However it is such an important thing to get right that I consider it critical for the 1.1 release. I consider it to be too late for 1.0.10, otherwise I would have recommended it for inclusion there as well.
--
CrawfordCurrie - 31 Aug 2010