Ticket #843 (closed defect: fixed)

Opened 4 years ago

Last modified 2 years ago

Read/write ACLs for individual wiki users are broken

Reported by: DarTar Owned by: BrianKoontz
Priority: high Milestone: 1.3.1
Component: authentication Version: 1.3
Severity: major Keywords:
Cc:

Description

As of the latest revision in trunk, it's impossible to restrict access to a page so that only a list of registered users can read it or write it. ACL wildcards work fine, while the following: 

DarTar
DarTar2
DarTar3

won't allow any of these users to access the page (unless one is admin).

Attachments

Wakka.class.php.diff Download (396 bytes) - added by myffical 3 years ago.

Change History

  Changed 4 years ago by DarTar

  • milestone changed from 1.2 to 1.3

Retargeting to 1.3. Code for this ticket may have already been committed to trunk, from which 1.3 will be branched. Consider backporting urgent issues to 1.2.X

  Changed 3 years ago by BrianKoontz

  • milestone changed from 1.3 to 1.4

Changed 3 years ago by myffical

  Changed 3 years ago by myffical

Seems to be due to a one-line typo in 1.3. When corrected, multi-user ACLs works as expected for me.

  Changed 3 years ago by BrianKoontz

(In [1660]) Variable typo fixed (thanks myffical). Refs #843.

  Changed 3 years ago by BrianKoontz

  • owner changed from unassigned to BrianKoontz
  • status changed from new to assigned

  Changed 3 years ago by BrianKoontz

  • status changed from assigned to testing
  • version changed from trunk to 1.3
  • milestone changed from 1.4 to 1.3

  Changed 3 years ago by DotMG

  • status changed from testing to assigned

Actually, ACLs are case sensitive, and this can lead to confusion, it's not always natural to know the exact camelcasing of a WikiName. IMO, it should really be case insensitive, and the code change should be simple enough by adding strtolower on both side of the equal signs. I mark the ticket as failed for now.

  Changed 3 years ago by BrianKoontz

(In [1681]) ACL userlists made case-insensitive. Refs #843.

  Changed 3 years ago by BrianKoontz

(In [1682]) Minor light CSS change to reduce size of ACL textareas. Refs #843.

  Changed 3 years ago by BrianKoontz

  • status changed from assigned to testing

  Changed 3 years ago by TormodHaugen

Testing:

Multiline /multi-user ACL works. Entries are not case sensitive.

Seems to work nice.

follow-up: ↓ 14   Changed 3 years ago by DarTar

see also #1003, what happens if someone registers a username containing a newline?

  Changed 3 years ago by GeorgePetsagourakis

Basically the ACL (aka permissions) system should be revamped and be completely based on the Database. I have described this in #613 .

in reply to: ↑ 12   Changed 3 years ago by BrianKoontz

Replying to DarTar:

see also #1003, what happens if someone registers a username containing a newline?

All non-printable ASCII chars need to be excluded in the IsWikiName() regexp.

  Changed 2 years ago by BrianKoontz

  • milestone changed from 1.3 to 1.3.1

Updated milestone to 1.3.1

  Changed 2 years ago by BrianKoontz

(In [1765]) The following characters are not permitted as part of usernames or pagenames: [ ] { } % + | ? = < > ' " / 0x00-0x1f 0x7f , Refs #191, #843

  Changed 2 years ago by BrianKoontz

  • status changed from testing to commit

  Changed 2 years ago by BrianKoontz

  • status changed from commit to closed
  • resolution set to fixed

  Changed 2 years ago by BrianKoontz

(In [1784]) Merged 1.3.1 changes into trunk ([1765]-[1780],[1782]). Refs #191, #843, #1040, #1041, #38, #1042, #1043, #1018, #1045, #208, #415, #1039, #189

Note: See TracTickets for help on using tickets.