Item935: Func::saveTopicText ignorepermissions is not working as advertised
Priority: Urgent
Current State: Closed
Released In: 1.1.0
Target Release: minor
Applies To: Engine
Component:
Branches:
Func::saveTopicText()
's ignore-permission-feature does not work as advertised. If you set $ignorePermissions to 1,
Func::saveTopicText()
will not check permissions, but the underlying
Save::saveTopic()
will.
I don't know, if this ever worked. Obviously nobody is missing it.
If somebody confirms this behaviour, I will clarify the inline docco.
It's easy to circumvent this problem with the following code:
# sudo :)
my $user_backup = $session->{user};
$session->{user} = Foswiki::Func::getCanonilcaUserID("SomePriviledgedUser"));
my $oops = Foswiki::Func::saveTopicText( $web, $topic, $text, 0, 0 );
# un-sudo
$session->{user} = $user_backup;
Dunno how this ended up as low priority. Raised to Urgent.
MichaelDaum noted that this function also ends up with permissions being checked twice.
--
CrawfordCurrie - 24 Jul 2009
This behaviour is actually different in trunk; the access rights that are checked are those expressed in the
new topic text, instead of the old. I assume from the date of Oliver's report that he was testing 1.0.x, so that must be something different. I have added a unit test to 1.1.
--
CrawfordCurrie - 06 Aug 2009
ignorepermissions is not checked for saveTopic
--
CrawfordCurrie - 02 Sep 2010