TitleIndex macro is not using Permissions

[digiqr+trac@…]

I'm using TracFineGrainedPermissions, but [[TitleIndex]] macro is still showing all Wiki pages for everyone.
There could be option to hide that pages.

[digiqr+trac@…]

I don't know if this is correct and fast solution but it is working for me...

trac/wiki/macros.py

@@ -102 +102 @@
             return tag.ul([tag.li(tag.a(wiki.format_page_name(page),
                                         href=formatter.href.wiki(page)))
                            for page in pages
-                           if depth < 0 or depth >= page.count('/') - start])
+                           if (depth < 0 or depth >= page.count('/') - start) and
+                               'WIKI_VIEW' in formatter.perm('wiki', page)])
         
         # Group by Wiki word and/or Wiki hierarchy
         pages = [(self.SPLIT_RE.split(wiki.format_page_name(page, split=True)), 

[cboos]

Yes, it's that simple ;-)

[osimons]

Fixed in [6472].

Moved the permission check further up to catch all use cases by dropping unauthorized pages when building the initial pagelist.

Tested, and worked fine - until I switched to date view and noticed that the RecentChanges macro had no interest in such permissions either. Now they both do.

Thanks for spotting and proposing a fix!

[digiqr+trac@…]

Thanks for fix. I missed RecentChanges because we don't use it :)