Edgewall Software

Ticket #3005 (closed defect: invalid)

Opened 3 years ago

Last modified 3 years ago

Fine grained permissions don't work on wiki

Reported by: mark@… Owned by: jonas
Priority: normal Milestone:
Component: general Version: 0.9.4
Severity: normal Keywords:
Cc:

Description

testcase

Create a page, let's say mogg. This page shall only be visible to two users... 

# excerpt of trac.ini
[trac]
authz_file = /var/lib/trac/test/conf/authz.conf

# authz.conf
[/]
* = r

[/wiki/mogg]
* =
mark = rw
work = r

expected behaviour

Anonymous cannot view that page.

actual behaviour

Anonymous is able to view that page, too.

notes

  • Setting authz_module_name does not change anything.
  • Neither [mogg] nor [/mogg] nor [/wiki/mogg] nor any equivalent with module-name works.
  • I've restarted apache between every run.

Attachments

Change History

Changed 3 years ago by eblot

  • status changed from new to closed
  • resolution set to invalid

FineGrainedPermissions only apply to repository files, not to Wiki pages.

Use TracPermissions (trac-admin or WebAdmin plugin) to define access rights to Wiki page (per-page permissions is not available for wiki pages)

Changed 3 years ago by coderanger

What you are looking for is the WikiRbacPatch? on trac-hacks.org

Changed 3 years ago by mark@…

  • summary changed from Fine grained permission don't work (security hole) to Fine grained permissions don't work on wiki

You're right. I've mixed these two RBAC things up due to the similiarity in names.

Please accept my apologies.

Add/Change #3005 (Fine grained permissions don't work on wiki)

Author



Change Properties
<Author field>
Action
as closed
Next status will be 'reopened'
to The owner will change from jonas. Next status will be 'closed'
 
Note: See TracTickets for help on using tickets.