Item10241: No permission to view WebLeftBar, WebTopBarExample when blocking System web to group
|| No Action Required
On occasion, I and my users will go to our wiki url, and find that the page contents are displayed correctly, but that we lack permission to view Main.WebLeftBar and Foswiki.WebTopBarExample ('Foswiki' is my renamed %SYSTEMWEB%).
See screenshot: http://img38.imageshack.us/f/nopermission.png/
This seems, anecdotally, to happen most often after a user has closed his browser (without logging out), and then returns to the site many hours (a day?) later. The problem is resolved by manually entering a logout URL, or clearing the browser cache and cookies. This has happened in Firefox 3.6 and Chrome, but likely affects other browsers, too.
All of my webs, including Main and Foswiki (%SYSTEMWEB%), are protected as follows:
Set ALLOWWEBCHANGE = Admin
Set ALLOWWEBRENAME = Admin
Set ALLOWWEBVIEW = Staff
These are flat groups, which come from my LDAP server via the LdapContrib.
- 11 Jan 2011
I have all webs incl System web blocked for access at our production site at the office and I have never seen this.
So either there is a specific place where the renaming of System web suddenly causes trouble OR it is the special LDAP setup that does not correctly see the people in Staff.
If I were you I would not set an ALLOWWEBVIEW on the System (Foswiki in your case) web. I would either keep it open OR set a DENYWEBVIEW = WikiGuest.
There is no security reason at all to hide the System web unless you start putting confidential stuff in it. The design of Foswiki assumes anyone can see the System web.
Anyone can go on the Internet and find ANY Foswiki incl foswiki.org and read the content of System web. There is no sane reason to hide it from view.
If a user in any situation is not a member of the staff group you have this problem. But it is a bit self inflicted. I am downgrading this to normal and asking for more feedback on when this is happening.
There have been some bugs related to groups that will be fixed in 1.1.3. I cannot say if this improved this one. But urgent it is not. It is not at all a good idea to limit view access to System web to a group.
- 26 Jan 2011
I'll try setting DENYWEBVIEW=WikiGuest and see if that fixes it. While I agree that there is nothing particularly sensitive or important in the system web, it is a customer facing portal for us and it is hard to explain to customers why this part of it is public.
Moreover, I don't really want to waste my bandwidth on providing documentation to random people.
- 08 Feb 2011
It sounds as though there is some disconnect between the Foswiki sessions, their expiration and the browser cache, etc. You mention LDAP, how are you actually handling Login? Through apache, or through Template login, or ?? What are some of your Cookie and session parameters set to?
- 21 Mar 2011
No feedback in nearly a year. Please re-open if this is still an issue. Setting to No Action.
- 07 Mar 2012