Opened 8 years ago
Last modified 7 years ago
#12597 closed enhancement
Prevent recursion in PermissionSystem.check_permission — at Initial Version
| Reported by: | Ryan J Ollos | Owned by: | Ryan J Ollos |
|---|---|---|---|
| Priority: | normal | Milestone: | 1.2.1 |
| Component: | general | Version: | |
| Severity: | normal | Keywords: | permissions |
| Cc: | Branch: | ||
| Release Notes: | |||
| API Changes: | |||
| Internal Changes: | |||
Description
Discussed in gdiscussion:trac-users:MNvfBPbiAS0 and other threads, there is a high likelihood of recursion when a permission policy calls Permission.has_permission (usually via ACTION in perm) within its policy.check_permission method. One possible way to avoid this, which I'd like to explore, would be to skip calling policy.check_permission on the policy that invoked PermissionCache.has_permission.
Using CookBook/Configuration/SignedTickets as an example, the policy would be changed:
- any(a in perm for a in self.admin_actions): + any(a in perm(resource, policy=self) + for a in self.admin_actions):
Note:
See TracTickets
for help on using tickets.
