Opened 10 years ago
Last modified 7 years ago
#11748 closed defect
Disabling SearchModule does not remove search box — at Version 12
| Reported by: | Owned by: | Ryan J Ollos | |
|---|---|---|---|
| Priority: | normal | Milestone: | 1.3.1 |
| Component: | search system | Version: | 1.0-stable |
| Severity: | minor | Keywords: | |
| Cc: | Branch: | ||
| Release Notes: |
The search box is only visible when the |
||
| API Changes: |
|
||
| Internal Changes: | |||
Description
naturally you get a "No handler matched request to /search"
Change History (12)
follow-up: 3 comment:1 by , 10 years ago
| Keywords: | Search removed |
|---|---|
| Milestone: | unscheduled → next-stable-1.0.x |
comment:3 by , 10 years ago
Replying to jomae:
Reproduced. Workaround is to revoke
SEARCH_VIEWfrom all users before disablingSearchModule.We should check whether
SearchModuleis enabled before'SEARCH_VIEW' in permlike tags/trac-1.0.1/trac/ticket/query.py@:1094#L1088,
I was considering that, but would it be reasonable for a plugin to replace SearchModule and utilize the search box?
or should fix
PermissionSystemto ignore actions which are no longer defined viaIPermissionRequestor.
So 'SEARCH_VIEW' in perm would return False? That sounds like a very interesting idea which might elegantly solve the problem. It would be nice to avoid those Environment.is_component_enabled tests in the conditional.
follow-ups: 5 7 comment:4 by , 10 years ago
| Cc: | added |
|---|
With the changes in log:rjollos.git:t11748, DefaultPermissionPolicy will only return True if the action is defined. For the cases in which an action is defined on the "Module" class (the class implementing IRequestHandler), we can remove several checks for Environment.is_component_enabled and retain the same behavior (e.g. ReportModule and BatchModifyModule).
As with the change in #10285 for components listed in permission_policies, we are now "failing closed" for the case that an action is no longer defined.
This also fixes the problem with the search box being present when SearchModule is disabled. The search box should still be present when a plugin implements a handler for the /search path and defines the SEARCH_VIEW permission (untested).
The changes are implemented on the trunk and all tests are currently passing. We could implement on 1.0-stable, but we should consider that carefully. More testing is needed, but I'm feeling positive about this change.
comment:5 by , 10 years ago
Replying to rjollos:
As with the change in #10285 for components listed in
permission_policies, we are now "failing closed" for the case that an action is no longer defined.
The situation may be a bit different from #10285 though since in that case there was a security concern. I haven't yet thought of a way in which the current behavior of granting permission for an action that isn't valid could be a security risk.
comment:6 by , 9 years ago
| Cc: | removed |
|---|---|
| Milestone: | next-stable-1.0.x → 1.1.5 |
| Owner: | set to |
| Status: | new → assigned |
comment:7 by , 9 years ago
Replying to rjollos:
With the changes in log:rjollos.git:t11748,
DefaultPermissionPolicywill only returnTrueif the action is defined. For the cases in which an action is defined on the "Module" class (the class implementingIRequestHandler), we can remove several checks forEnvironment.is_component_enabledand retain the same behavior (e.g.ReportModuleandBatchModifyModule).
Modifying IPermissionRequestor is not a good solution since other permission_policies could be used. I think [825b229f/rjollos.git] is a better solution, however it requires that all permissions be defined in IPermissionRequestor implementations. That's not the case for ATTACHMENT_VIEW, ATTACHMENT_CREATE and ATTACHMENT_DELETE. If we register those in an IPermissionRequestor implementation we need a way to keep the permissions from being visible on the Permission admin page, in TracAdmin permission list, etc…
There needs to be a way to distinguish regular permissions from these special legacy permissions, such as prefixing legacy permissions with a leading underscore. Or we just get rid of the LegacyAttachmentPolicy and require that all permissions be defined in an IPermissionRequestor.
WiP in log:rjollos.git:t11748.2 (at least one unit test fails due to noted issues).
comment:8 by , 9 years ago
| Milestone: | 1.1.5 → 1.2 |
|---|
comment:10 by , 9 years ago
| Milestone: | 1.1.6 → next-dev-1.1.x |
|---|---|
| Owner: | removed |
| Status: | assigned → new |
comment:11 by , 9 years ago
| Milestone: | next-dev-1.1.x → next-dev-1.3.x |
|---|
Narrowing focus for milestone:1.2. Please move ticket to milestone:1.2 if you intend to fix it.
comment:12 by , 8 years ago
| API Changes: | modified (diff) |
|---|---|
| Milestone: | next-dev-1.3.x → 1.3.1 |
| Owner: | set to |
| Release Notes: | modified (diff) |
| Status: | new → assigned |
Possible solution is to have PermissionSystem.get_user_permissions only return permissions defined in IPermissionRequestor implementations: log:rjollos.git:t11748.3
This is a minor API change which could be avoided by having undefined default to True. However, I'm trying to keep the permission checking logic in PermissionSystem so that the behavior doesn't depend on the IPermissionStore being used.
Reproduced. Workaround is to revoke
SEARCH_VIEWfrom all users before disablingSearchModule.We should check whether
SearchModuleis enabled before'SEARCH_VIEW' in permlike tags/trac-1.0.1/trac/ticket/query.py@:1094#L1088, or should fixPermissionSystemto ignore actions which are no longer defined viaIPermissionRequestor.