Modify ↓
Opened 15 years ago
Closed 15 years ago
#10106 closed defect (fixed)
PermissionSystem.get_users_with_permission generates wrong parent_map
| Reported by: | anonymous | Owned by: | Remy Blank |
|---|---|---|---|
| Priority: | normal | Milestone: | 0.12.3 |
| Component: | general | Version: | 0.11.7 |
| Severity: | normal | Keywords: | permissions |
| Cc: | Branch: | ||
| Release Notes: | |||
| API Changes: | |||
| Internal Changes: | |||
Description
In Trac 0.11 and 0.12 stable, get_users_with_permission() generates additional entries in the permission map by splitting up "leaf actions" that are just strings.
To demonstrate, I have done the following:
- Create a new environment with Trac 0.11
- Enabled restrict_owner
- Applied the following patch for debug info:
Index: trac/perm.py =================================================================== --- trac/perm.py (revision 10641) +++ trac/perm.py (working copy) @@ -403,9 +403,13 @@ parent_map = {} for requestor in self.requestors: for action in requestor.get_permission_actions(): + # FIXME: action is not always a tuple -- then + # this gives unexpected results as it splits up a string + print "action", action for child in action[1]: parent_map.setdefault(child, []).append(action[0]) + from pprint import pprint ; pprint(parent_map) satisfying_perms = {} def _append_with_parents(action): if action in satisfying_perms: - Loaded a ticket edit page
On the console, I could see:
action ('TRAC_ADMIN', ['EMAIL_VIEW', 'TICKET_APPEND', 'TICKET_CREATE', 'TICKET_CHGPROP', 'TICKET_VIEW', 'TICKET_EDIT_CC', 'TICKET_EDIT_DESCRIPTION', 'TICKET_MODIFY', 'TICKET_ADMIN', 'ROADMAP_VIEW', 'ROADMAP_ADMIN', 'MILESTONE_CREATE', 'MILESTONE_DELETE', 'MILESTONE_MODIFY', 'MILESTONE_VIEW', 'MILESTONE_ADMIN', 'PERMISSION_GRANT', 'PERMISSION_REVOKE', 'PERMISSION_ADMIN', 'TIMELINE_VIEW', 'CONFIG_VIEW', 'WIKI_CREATE', 'WIKI_DELETE', 'WIKI_MODIFY', 'WIKI_VIEW', 'WIKI_ADMIN', 'SEARCH_VIEW', 'REPORT_CREATE', 'REPORT_DELETE', 'REPORT_MODIFY', 'REPORT_SQL_VIEW', 'REPORT_VIEW', 'REPORT_ADMIN'])
action EMAIL_VIEW
action TICKET_APPEND
action TICKET_CREATE
action TICKET_CHGPROP
action TICKET_VIEW
action TICKET_EDIT_CC
action TICKET_EDIT_DESCRIPTION
action ('TICKET_MODIFY', ['TICKET_APPEND', 'TICKET_CHGPROP'])
action ('TICKET_ADMIN', ['TICKET_CREATE', 'TICKET_MODIFY', 'TICKET_VIEW', 'TICKET_EDIT_CC', 'TICKET_EDIT_DESCRIPTION'])
action ROADMAP_VIEW
action ('ROADMAP_ADMIN', ['MILESTONE_CREATE', 'MILESTONE_DELETE', 'MILESTONE_MODIFY', 'MILESTONE_VIEW', 'ROADMAP_VIEW'])
action MILESTONE_CREATE
action MILESTONE_DELETE
action MILESTONE_MODIFY
action MILESTONE_VIEW
action ('MILESTONE_ADMIN', ['MILESTONE_CREATE', 'MILESTONE_DELETE', 'MILESTONE_MODIFY', 'MILESTONE_VIEW'])
action PERMISSION_GRANT
action PERMISSION_REVOKE
action ('PERMISSION_ADMIN', ['PERMISSION_GRANT', 'PERMISSION_REVOKE'])
action TIMELINE_VIEW
action CONFIG_VIEW
action WIKI_CREATE
action WIKI_DELETE
action WIKI_MODIFY
action WIKI_VIEW
action ('WIKI_ADMIN', ['WIKI_CREATE', 'WIKI_DELETE', 'WIKI_MODIFY', 'WIKI_VIEW'])
action SEARCH_VIEW
action REPORT_CREATE
action REPORT_DELETE
action REPORT_MODIFY
action REPORT_SQL_VIEW
action REPORT_VIEW
action ('REPORT_ADMIN', ['REPORT_CREATE', 'REPORT_DELETE', 'REPORT_MODIFY', 'REPORT_SQL_VIEW', 'REPORT_VIEW'])
{'CONFIG_VIEW': ['TRAC_ADMIN'],
'E': ['P', 'P', 'S', 'R', 'R', 'R', 'R', 'R'],
'EMAIL_VIEW': ['TRAC_ADMIN'],
'I': ['T',
'T',
'T',
'T',
'T',
'T',
'M',
'M',
'M',
'M',
'T',
'W',
'W',
'W',
'W'],
'M': ['E'],
'MILESTONE_ADMIN': ['TRAC_ADMIN'],
'MILESTONE_CREATE': ['TRAC_ADMIN', 'ROADMAP_ADMIN', 'MILESTONE_ADMIN'],
'MILESTONE_DELETE': ['TRAC_ADMIN', 'ROADMAP_ADMIN', 'MILESTONE_ADMIN'],
'MILESTONE_MODIFY': ['TRAC_ADMIN', 'ROADMAP_ADMIN', 'MILESTONE_ADMIN'],
'MILESTONE_VIEW': ['TRAC_ADMIN', 'ROADMAP_ADMIN', 'MILESTONE_ADMIN'],
'O': ['R', 'C'],
'PERMISSION_ADMIN': ['TRAC_ADMIN'],
'PERMISSION_GRANT': ['TRAC_ADMIN', 'PERMISSION_ADMIN'],
'PERMISSION_REVOKE': ['TRAC_ADMIN', 'PERMISSION_ADMIN'],
'REPORT_ADMIN': ['TRAC_ADMIN'],
'REPORT_CREATE': ['TRAC_ADMIN', 'REPORT_ADMIN'],
'REPORT_DELETE': ['TRAC_ADMIN', 'REPORT_ADMIN'],
'REPORT_MODIFY': ['TRAC_ADMIN', 'REPORT_ADMIN'],
'REPORT_SQL_VIEW': ['TRAC_ADMIN', 'REPORT_ADMIN'],
'REPORT_VIEW': ['TRAC_ADMIN', 'REPORT_ADMIN'],
'ROADMAP_ADMIN': ['TRAC_ADMIN'],
'ROADMAP_VIEW': ['TRAC_ADMIN', 'ROADMAP_ADMIN'],
'SEARCH_VIEW': ['TRAC_ADMIN'],
'TICKET_ADMIN': ['TRAC_ADMIN'],
'TICKET_APPEND': ['TRAC_ADMIN', 'TICKET_MODIFY'],
'TICKET_CHGPROP': ['TRAC_ADMIN', 'TICKET_MODIFY'],
'TICKET_CREATE': ['TRAC_ADMIN', 'TICKET_ADMIN'],
'TICKET_EDIT_CC': ['TRAC_ADMIN', 'TICKET_ADMIN'],
'TICKET_EDIT_DESCRIPTION': ['TRAC_ADMIN', 'TICKET_ADMIN'],
'TICKET_MODIFY': ['TRAC_ADMIN', 'TICKET_ADMIN'],
'TICKET_VIEW': ['TRAC_ADMIN', 'TICKET_ADMIN'],
'TIMELINE_VIEW': ['TRAC_ADMIN'],
'WIKI_ADMIN': ['TRAC_ADMIN'],
'WIKI_CREATE': ['TRAC_ADMIN', 'WIKI_ADMIN'],
'WIKI_DELETE': ['TRAC_ADMIN', 'WIKI_ADMIN'],
'WIKI_MODIFY': ['TRAC_ADMIN', 'WIKI_ADMIN'],
'WIKI_VIEW': ['TRAC_ADMIN', 'WIKI_ADMIN']}
Notice that the map contains actions like "I" and "T" that pop up because the non-tuple actions are split unconditionally. This does not cause any harm in vanilla trac, but will definitely be a problem if anyone ever has an "A" or "B" permission :-)
Attachments (0)
Change History (2)
comment:1 by , 15 years ago
| Keywords: | permissions added |
|---|---|
| Milestone: | → 0.12.3 |
| Owner: | set to |
| Version: | → 0.11.7 |
comment:2 by , 15 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Confirmed. This should be fixed in [10667].
Note:
See TracTickets
for help on using tickets.
Thanks for the heads-up.