Edgewall Software

Changes between Version 1 and Version 2 of Ticket #11293


Ignore:
Timestamp:
Sep 5, 2013, 9:56:11 PM (11 years ago)
Author:
Ryan J Ollos
Comment:

Related:

  • After #11272: if the authz file can't be found or can't be parsed, a ConfigurationError is raised.
  • After #10285: If AuthzPolicy is added to [trac] permission_policies but the component is not enabled or fails to load, a ConfigurationError will be raised.

If [authz_policy] authz_file is not specified in trac.ini but AuthzPolicy is active, there is currently no error. We should probably raise a ConfigurationError in this case.

Legend:

Unmodified
Added
Removed
Modified

  • Ticket #11293

    • Property Status newassigned
    • Property Summary AuthzPolicy fails SILENTLY!AuthzPolicy will fail silently if ConfigObj is not available
    • Property Keywords authzpolicy permissions added
    • Property Milestone1.0.2
    • Property Owner set to Ryan J Ollos

  • Ticket #11293 – Description

    v1 v2  
    1 When python-configobj is not avaibalble, the AuthzPolicy fails without any notice (except a log entry). In the default config that means, that all pages are accessible and any restrictions are void. This is VERY dangerous.
     1When python-configobj is not available, the AuthzPolicy fails without any notice (except a log entry). In the default config that means, that all pages are accessible and any restrictions are void. This is VERY dangerous.
    22
    33Immediate Fix:
    4 {{{
     4{{{#!diff
    55--- /usr/lib/python2.7/site-packages/tracopt/perm/authz_policy.py~      2013-09-05 14:38:16.000000000 +0200
    66+++ /usr/lib/python2.7/site-packages/tracopt/perm/authz_policy.py       2013-09-05 14:38:37.346011447 +0200