You are here: Foswiki>Tasks Web>Item2073 (24 Jun 2010, CrawfordCurrie)Edit Attach

Item2073: Protect deleted topic/attachments that had access

pencil
Priority: Normal
Current State: No Action Required
Released In:
Target Release: n/a
Applies To: Engine
Component:
Branches:
Reported By: VickiBrown
Waiting For:
Last Change By: CrawfordCurrie
(We're using TWiki 4.2.4. Unless you've already tackled this issue, Foswiki will have it too.)

Currently all deleted topic/attachments go into the same web regardless of their previous access control.

This causes protected topics and attachments to lose their "protected" status.

Suggestion: create a TrashSecure web, which is viewable only by the TWikiAdmin group regardless of permissions on regular Trash. When an attachment or topic is deleted it will go into TrashSecure if there were any view access control on the relevant topic.

By default the Trash web is set to admingroup-only, which seems to be a sufficient solution for most sites. I believe this change happened prior to TWiki 4.2.4, so you must have relaxed the permissions on the Trash web to be able to view these attachments.

It's not a perfect solution (unless you are using viewfile, attachments can't be protected anyway) but it's sufficient for most.

No action.

-- CrawfordCurrie - 24 Jun 2010

ItemTemplate edit

Summary Protect deleted topic/attachments that had access
ReportedBy VickiBrown
Codebase
SVN Range Foswiki-1.0.0, Thu, 08 Jan 2009, build 1878
AppliesTo Engine
Component
Priority Normal
CurrentState No Action Required
WaitingFor
Checkins
TargetRelease n/a
ReleasedIn
Edit  | Attach | Print version | History: r2 < r1 | Backlinks | View wiki text | Edit wiki text | More topic actions
Topic revision: r2 - 24 Jun 2010, CrawfordCurrie
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy