Context Navigation

Modify ↓

#6766 closed defect (fixed)

TitleIndex macro is not using Permissions

Reported by:	digiqr+trac@…	Owned by:	Christian Boos
Priority:	normal	Milestone:	0.11
Component:	wiki system	Version:	0.11b1
Severity:	minor	Keywords:	permission
Cc:		Branch:
Release Notes:
API Changes:
Internal Changes:

Description

I'm using TracFineGrainedPermissions, but [[TitleIndex]] macro is still showing all Wiki pages for everyone. There could be option to hide that pages.

Attachments (0)

Change History (4)

comment:1 by digiqr+trac@…, 16 years ago

I don't know if this is correct and fast solution but it is working for me…

trac/wiki/macros.py

             return tag.ul([tag.li(tag.a(wiki.format_page_name(page),
                                         href=formatter.href.wiki(page)))
                            for page in pages
+                           if depth < 0 or depth >= page.count('/') - start])
+                           if (depth < 0 or depth >= page.count('/') - start) and
+                               'WIKI_VIEW' in formatter.perm('wiki', page)])
         # Group by Wiki word and/or Wiki hierarchy
         pages = [(self.SPLIT_RE.split(wiki.format_page_name(page, split=True)),

comment:2 by Christian Boos, 16 years ago

Keywords:	permission added
Milestone:	→ 0.11

Yes, it's that simple ;-)

comment:3 by osimons, 16 years ago

Resolution:	→ fixed
Status:	new → closed

Fixed in [6472].

Moved the permission check further up to catch all use cases by dropping unauthorized pages when building the initial pagelist.

Tested, and worked fine - until I switched to date view and noticed that the RecentChanges macro had no interest in such permissions either. Now they both do.

Thanks for spotting and proposing a fix!

comment:4 by digiqr+trac@…, 16 years ago

Thanks for fix. I missed RecentChanges because we don't use it :)

Modify Ticket

Change Properties

Summary:
Description:	I'm using TracFineGrainedPermissions, but {{{[[TitleIndex]]}}} macro is still showing all Wiki pages for everyone. There could be option to hide that pages. You may use WikiFormatting here.
Type:		Priority:
Milestone:		Component:
Version:		Severity:
Keywords:		Cc:	Set your email in Preferences
Branch:
Release Notes:
API Changes:
Internal Changes:

Action

leave as closed The owner will remain Christian Boos.

reopen The resolution will be deleted. Next status will be 'reopened'.

change ownership to The owner will be changed from Christian Boos to the specified user.

Add Comment

Your email or username:

E-mail address and name can be saved in the Preferences .

You may use WikiFormatting here.

Attachments ↑ Description ↑

Note: See TracTickets for help on using tickets.

Download in other formats: