[pmwiki-users] UserAuth2 and WikiCalendar problem

IchBin weconsultants at gmail.com
Tue Jun 12 11:21:52 CDT 2007


ThomasP wrote:
> On Mon, June 11, 2007 20:47, IchBin wrote:
>> ThomasP wrote:
>>> On Tue, June 5, 2007 20:02, IchBin wrote:
>>>> IchBin wrote:
>>>>
>>>> Not sure if I mentioned this Thomas but as an 'admin' user there is no
>>>> security problem posting a formatted item to the WikiCalendar using the
>>>> (:wikilogbox:) markup. Guess this would rule out any non normalized
>>>> page
>>> This is indeed quite good to know!!!
>>>
>>>> url. The problem is only with a regular user even though they have a
>>>> 'ed_Calendar.*' rule. I mean the format of the calendar days is
>>>> 'Calendar.yyyymmdd'.
>>>>
>>> I have tested that 'Calendar.20071111' matches 'Calendar.*' with the UA2
>>> functions, so no problems from the pattern check to be expected. It would
>>> thus indeed be very interesting to know where the problem stems from.
>>>
>> ...
>> 'Calendar.*' for rule 'ed_Calendar.*'. I think the rule is fine because
>> if I do not use the (:wikilogbox:) markup to add or update a calendar
>> date page I get no security error and works as designed.
>>
>> Doing this without the (:wikilogbox:) markup you do:
>>
>> - Select a day on the visible calendar on the
>> 'Calendar/Calendar' page. This opens or creates a calendar date page.
>> - Enter my text and save on that page and there is no problem.
>> - After this it displays on the visual calendar and by using the
>> (:thisweek:) markup.
>>
>> If I take that rule out of this group I can not do what I just mentioned
>> above. So the rule is fine there is a one-to-one relationship by having
>> or not having that rule.
> 
> That is logical - so the rule itself and its interpretation by UA2 seems
> not lacking.
> 
>> Seems that the problem is the interaction between the (:wikilogbox:) and
>> UserAuth2.
>>
> 
> Yes. To put a clear statement on this I would say:
> 
> If the UA2 module indeed denies Calendar/20071111 or whatever on level
> edit though ed_Calendar.* is specified in a respective user perm record,
> then it is a UA2 problem and I will find the solution. (Could
> theoretically happen as part of variable interference. Is improbable
> though - I just had a look in the WikiCalendar code, and nothing looks
> suspicious.)
> 
> If however you get insufficient privileges with something else (for
> example with a permission level that is not known to (not registered with)
> UA2, much more probable from what I can see), then it is the
> responsibility of WikiCalendar to make sure the right parameters are
> delivered, or at least to set a default permission level mapping like
> 
> $HandleAuth['wikilog'] = ...; // whatever is useful, for example 'edit'
> 
> [If you got a newer version of UA2, then activating the logging with
> $HTMLFooterFmt[] (search for "PERM" in userauth2.php) will tell you what
> exactly is blocked.]
> 
> Thomas

Not to be missing anything I have this output _<below>_. I am not given 
authorization.

- When trying to update with the markup for formatted message to a
calendar page:
UA2ErrorLog: 'Access to Calendar/20070612 at level edit NOT granted. '


- Be interesting to find out what is supposed to be uploaded every 
screen refresh:
UA2ErrorLog: 'Warning: Someone asking for permission for unknown level 'upload'. Refused.


- Wondering if this is a problem with the period or just displaying a
period at the end of the sentence as part of the display message:
UA2ErrorLog: 'Loading perm record for WET. '

- Is this wrong? I would figure this is a content page:
UA2ErrorLog: 'Calendar/20070612 is a content page: no '


Here is what I captured and when:
_____________________________________________________________________________________________
LOAD OF PMWIKI TO FIRST PAGE:
_____________________________________________________________________________________________
UA2ErrorLog: 'Loading perm record for GuestUsers. '
UA2ErrorLog: 'Someone trying to access page Site.Login at level read. '
UA2ErrorLog: 'Site.Login is a content page: no '
UA2ErrorLog: 'Access to Site.Login at level read granted. '

_____________________________________________________________________________________________
AFTER LOGIN WITH 'WET' ACCOUNT NAME:
_____________________________________________________________________________________________
UA2ErrorLog: 'Loading perm record for GuestUsers. '
UA2ErrorLog: 'Someone trying to access page Main.HomePage at level read. '
UA2ErrorLog: 'Main.HomePage is a content page: yes '
UA2ErrorLog: 'CheckUserPerms user WET page Main.HomePage level read... '
UA2ErrorLog: 'CheckUserPerms user GuestUsers page Main.HomePage level read... '
UA2ErrorLog: 'CheckUserPerms user admin page Main.HomePage level read... '
UA2ErrorLog: 'Access to Main.HomePage at level read granted. '
UA2ErrorLog: 'CheckUserPerms user WET page Main.GroupFooter level read... '
UA2ErrorLog: 'CheckUserPerms user GuestUsers page Main.GroupFooter level read... '
UA2ErrorLog: 'CheckUserPerms user admin page Main.GroupFooter level read... '
UA2ErrorLog: 'CheckUserPerms user WET page Main.GroupHeader level read... '
UA2ErrorLog: 'CheckUserPerms user GuestUsers page Main.GroupHeader level read... '
UA2ErrorLog: 'CheckUserPerms user admin page Main.GroupHeader level read... '
UA2ErrorLog: 'CheckUserPerms user WET page Site.SideBar level read... '
UA2ErrorLog: 'CheckUserPerms user GuestUsers page Site.SideBar level read... '
UA2ErrorLog: 'CheckUserPerms user admin page Site.SideBar level read... '
UA2ErrorLog: 'CheckUserPerms user WET page Main.HomePage level admin... '
UA2ErrorLog: 'CheckUserPerms user LoggedInUsers page Main.HomePage level admin... '
UA2ErrorLog: 'Loading perm record for WET. '
UA2ErrorLog: 'CheckUserPerms user admin page Main.HomePage level admin... '
UA2ErrorLog: 'CheckUserPerms user WET page Site.PageActions level read... '
UA2ErrorLog: 'CheckUserPerms user GuestUsers page Site.PageActions level read... '
UA2ErrorLog: 'CheckUserPerms user admin page Site.PageActions level read... '
UA2ErrorLog: 'Warning: Someone asking for permission for unknown level 'upload'. Refused. '

_____________________________________________________________________________________________
AFTER SELECTING THE CALENDAR LINK
_____________________________________________________________________________________________
UA2ErrorLog: 'Loading perm record for GuestUsers. '
UA2ErrorLog: 'Someone trying to access page Calendar.Calendar at level read. '
UA2ErrorLog: 'Calendar.Calendar is a content page: yes '
UA2ErrorLog: 'CheckUserPerms user WET page Calendar.Calendar level read... '
UA2ErrorLog: 'CheckUserPerms user GuestUsers page Calendar.Calendar level read... '
UA2ErrorLog: 'CheckUserPerms user admin page Calendar.Calendar level read... '
UA2ErrorLog: 'Access to Calendar.Calendar at level read granted. '
UA2ErrorLog: 'CheckUserPerms user WET page Calendar.GroupFooter level read... '
UA2ErrorLog: 'CheckUserPerms user GuestUsers page Calendar.GroupFooter level read... '
UA2ErrorLog: 'CheckUserPerms user admin page Calendar.GroupFooter level read... '
UA2ErrorLog: 'CheckUserPerms user WET page Calendar.GroupHeader level read... '
UA2ErrorLog: 'CheckUserPerms user GuestUsers page Calendar.GroupHeader level read... '
UA2ErrorLog: 'CheckUserPerms user admin page Calendar.GroupHeader level read... '
UA2ErrorLog: 'CheckUserPerms user WET page Calendar.Calendar level admin... '
UA2ErrorLog: 'CheckUserPerms user LoggedInUsers page Calendar.Calendar level admin... '
UA2ErrorLog: 'CheckUserPerms user admin page Calendar.Calendar level admin... '
UA2ErrorLog: 'Warning: Someone asking for permission for unknown level 'upload'. Refused. '

_____________________________________________________________________________________________
AFTER SUBMITTING FORMATTED MESSAGE:
_____________________________________________________________________________________________
UA2ErrorLog: 'Loading perm record for GuestUsers. '
UA2ErrorLog: 'Someone trying to access page Calendar/20070612 at level edit. '
UA2ErrorLog: 'Calendar/20070612 is a content page: no '
UA2ErrorLog: 'CheckUserPerms user WET page Calendar/20070612 level edit... '
UA2ErrorLog: 'CheckUserPerms user GuestUsers page Calendar/20070612 level edit... '
UA2ErrorLog: 'CheckUserPerms user admin page Calendar/20070612 level edit... '
UA2ErrorLog: 'CheckUserPerms user LoggedInUsers page Calendar/20070612 level edit... '
UA2ErrorLog: 'CheckUserPerms user admin page Calendar/20070612 level edit... '
UA2ErrorLog: 'Access to Calendar/20070612 at level edit NOT granted. '
UA2ErrorLog: 'CheckUserPerms user WET page Calendar/20070612 level admin... '
UA2ErrorLog: 'CheckUserPerms user LoggedInUsers page Calendar/20070612 level admin... '
UA2ErrorLog: 'CheckUserPerms user admin page Calendar/20070612 level admin... '
UA2ErrorLog: 'Warning: Someone asking for permission for unknown level 'upload'. Refused. '
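
A small triage script for the UA2 log output above, added here as an example (it is not part of the original post or of UserAuth2). It rejoins entries wrapped by the mail client, then lists denied requests, levels UA2 reports as unknown, and page names logged with a slash or marked as not a content page; the function names and report keys are assumptions, and the sample lines are copied from the log in this message.

```python
import re

# Sample entries copied from the log in this post, including mailer-wrapped ones.
SAMPLE = """\
UA2ErrorLog: 'Someone trying to access page Calendar.Calendar at level
read. '
UA2ErrorLog: 'Calendar.Calendar is a content page: yes '
UA2ErrorLog: 'Access to Calendar.Calendar at level read granted. '
UA2ErrorLog: 'Someone trying to access page Calendar/20070612 at level
edit. '
UA2ErrorLog: 'Calendar/20070612 is a content page: no '
UA2ErrorLog: 'CheckUserPerms user WET page Calendar/20070612 level edit... '
UA2ErrorLog: 'Access to Calendar/20070612 at level edit NOT granted. '
UA2ErrorLog: 'Warning: Someone asking for permission for unknown level
'upload'. Refused. '
"""

PREFIX = "UA2ErrorLog: "
ACCESS = re.compile(r"Access to ([\w./]+) at level (\w+) (NOT granted|granted)\.")
CONTENT = re.compile(r"([\w./]+) is a content page: (yes|no)")
UNKNOWN = re.compile(r"unknown level '(\w+)'")

def unwrap(text):
    """Rejoin wrapped entries: a line without the prefix continues the previous one."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(PREFIX):
            entries.append(line[len(PREFIX):])
        elif line and entries:
            entries[-1] += " " + line
    return entries

def triage(text):
    """Collect denials, unknown levels, slash-form names and non-content pages."""
    report = {"denied": [], "unknown_levels": set(),
              "slash_names": set(), "not_content": set()}
    for entry in unwrap(text):
        if (m := ACCESS.search(entry)) and m.group(3) == "NOT granted":
            report["denied"].append((m.group(1), m.group(2)))
        if m := CONTENT.search(entry):
            if m.group(2) == "no":
                report["not_content"].add(m.group(1))
            if "/" in m.group(1):  # logged as Group/Name rather than Group.Name
                report["slash_names"].add(m.group(1))
        if m := UNKNOWN.search(entry):
            report["unknown_levels"].add(m.group(1))
    return report

if __name__ == "__main__":
    print(triage(SAMPLE))
```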




