Item9598: Add ignorepermissions option to suppress acl checks in Func::saveTopic

Priority: Enhancement
Current State: Closed
Released In: 1.1.0
Target Release: minor
Applies To: Engine
Component:
Branches:
Reported By: CrawfordCurrie
Waiting For:
Last Change By: KennethLavrsen
In the bad old days, you could suppress ACL checks by setting the $Foswiki::Plugins::SESSION->{user} to undef. This would allow you to save a topic with ACL checks, useful if you have to do your own.

This is no longer possible. All saves require a user, and if you undef the logged-in user you have no-one to save against. However, being able to save with access control checks - is critical to some wikiapps (ok, to CommentPlugin, but I'm sure there are others).

Because overwriting the Foswiki object this way is fraught with danger, I propose to remove this undocumented "feature" and instead add an ignorepermissions option to Foswiki::Func::saveTopic. Note that readTopic already ignores access permissions.

The ACL checks are performed in Foswiki::Func and making this change is a lot lower risk than explicitly supporting the undef-user approach.

Note I appreciate this could be interpreted as a new feature, given that the "old way" was undocumented. However, it is such an important thing to get right that I consider it critical for the 1.1 release. I consider it to be too late for 1.0.10, otherwise I would have recommended it for inclusion there as well.

-- CrawfordCurrie - 31 Aug 2010
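
How a plugin might use the proposed option while keeping its own access decision in front of the save, as an added example that is not code from this item or from the Foswiki distribution. The package name, the `appendLine` helper and the use of a `COMMENT` access mode are assumptions made for illustration.

```perl
package Foswiki::Plugins::ExampleAppendPlugin;    # hypothetical plugin name
use strict;
use warnings;
use Foswiki::Func ();

# Append one line to a topic on behalf of a user who may lack CHANGE access.
# ignorepermissions turns off the ACL check inside saveTopic, so the plugin
# has to make its own access decision before it calls save.
sub appendLine {
    my ( $web, $topic, $line ) = @_;

    # readTopic does not check access permissions, as the report notes.
    my ( $meta, $text ) = Foswiki::Func::readTopic( $web, $topic );

    # The plugin's own rule: allow users with CHANGE, or with a narrower
    # COMMENT mode (assumed here to be set through the topic's ACL settings).
    my $user    = Foswiki::Func::getWikiName();
    my $allowed = Foswiki::Func::checkAccessPermission(
        'CHANGE', $user, $text, $topic, $web, $meta )
      || Foswiki::Func::checkAccessPermission(
        'COMMENT', $user, $text, $topic, $web, $meta );
    die "Access denied: $user may not append to $web.$topic\n"
      unless $allowed;

    # Keep the bypass narrow: the caller supplies a single line that is
    # appended, never the whole topic text.
    $line =~ s/[\r\n]+/ /g;
    $text .= "\n   * $line -- $user\n";

    # The session user is left untouched, so the save is still recorded
    # against the logged-in user; only the ACL check is skipped.
    Foswiki::Func::saveTopic( $web, $topic, $meta, $text,
        { ignorepermissions => 1 } );
    return 1;
}

1;
```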

 

ItemTemplate

Summary Add ignorepermissions option to suppress acl checks in Func::saveTopic
ReportedBy CrawfordCurrie
Codebase trunk
SVN Range
AppliesTo Engine
Component
Priority Enhancement
CurrentState Closed
WaitingFor
Checkins distro:ea2c548cce28
TargetRelease minor
ReleasedIn 1.1.0
Topic revision: r6 - 04 Oct 2010, KennethLavrsen