#13210 closed defect (worksforme)
Can't re-add BROWSER_VIEW permission
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | admin/web | Version: | 1.2.2 |
| Severity: | normal | Keywords: | needinfo |
| Cc: | Branch: | ||
| Release Notes: | |||
| API Changes: | |||
| Internal Changes: | |||
Description
I used the Admin page to remove BROWSER_VIEW permission from anonymous.
Having decided that is not what I wanted to do, I now want to add it back.
However, In Administration → Permissions → Grant Permissions
The drop down does not include BROWSER_VIEW as an option to re-add the permission.
Attachments (2)
Change History (10)
comment:1 by , 5 years ago
| Summary: | Can't re-add BROWSER_VIEW privileges → Can't re-add BROWSER_VIEW permission |
|---|
comment:2 by , 5 years ago
comment:3 by , 5 years ago
| Keywords: | needinfo added |
|---|---|
| Priority: | high → normal |
The permission would only be missing if the BrowserModule was disabled (or failed to load due to an error). If the BrowserModule is disabled, the permission will be grayed-out in the permission listing.
Are you able to access the Browse Source main navigation item and view repositories?
Are any other permissions missing from the dropdown menu? See TracPermissions. Or compare the menu with the output Available actions from trac-admin $ENV permission list.
Please attach the log after setting log level to debug and restarting Trac: TracTroubleshooting#ChecktheLogs
by , 5 years ago
comment:5 by , 5 years ago
After removing BROWSER_VIEW from anonymous in admin panel:
User Action -------------------------------------------- Austin.France@************ admin admin PERMISSION_ADMIN anonymous CHANGESET_VIEW anonymous FILE_VIEW anonymous LOG_VIEW anonymous MILESTONE_VIEW anonymous REPORT_SQL_VIEW anonymous REPORT_VIEW anonymous ROADMAP_VIEW anonymous SEARCH_VIEW anonymous TICKET_VIEW anonymous TIMELINE_VIEW anonymous WIKI_VIEW authenticated PERMISSION_ADMIN authenticated TICKET_CREATE authenticated TICKET_MODIFY authenticated WIKI_CREATE authenticated WIKI_MODIFY Available actions: BROWSER_VIEW, CHANGESET_VIEW, CONFIG_VIEW, EMAIL_VIEW, FILE_VIEW, LOG_VIEW, MILESTONE_ADMIN, MILESTONE_CREATE, MILESTONE_DELETE, MILESTONE_MODIFY, MILESTONE_VIEW, PERMISSION_ADMIN, PERMISSION_GRANT, PERMISSION_REVOKE, REPORT_ADMIN, REPORT_CREATE, REPORT_DELETE, REPORT_MODIFY, REPORT_SQL_VIEW, REPORT_VIEW, ROADMAP_ADMIN, ROADMAP_VIEW, SEARCH_VIEW, TICKET_ADMIN, TICKET_APPEND, TICKET_BATCH_MODIFY, TICKET_CHGPROP, TICKET_CREATE, TICKET_EDIT_CC, TICKET_EDIT_COMMENT, TICKET_EDIT_DESCRIPTION, TICKET_MODIFY, TICKET_VIEW, TIMELINE_VIEW, TRAC_ADMIN, VERSIONCONTROL_ADMIN, WIKI_ADMIN, WIKI_CREATE, WIKI_DELETE, WIKI_MODIFY, WIKI_RENAME, WIKI_VIEW
comment:6 by , 5 years ago
| Resolution: | → worksforme |
|---|---|
| Status: | new → closed |
With PERMISSION_ADMIN, you can only grant and revoke permissions you've been granted. This is to prevent users from elevating their own permissions. In the extreme case a user could grant themselves TRAC_ADMIN. See the last paragraph of TracPermissions#GraphicalAdminTab.
It's intended that a user with PERMISSION_ADMIN should not modify their own permissions, rather just manage the permissions of other users.
comment:7 by , 5 years ago
See also #13209. The behavior was recently discussed on the mailing list, with a reference to the topic in that issue.
comment:8 by , 5 years ago
Ok, but doesn't PERMISSION_ADMIN include BROWSER_VIEW permission?
Admin can certainly browse, even when BROWSER_VIEW is removed from anonymous.
I am not trying to modify my own permissions, but, as admin, that of the anonymous user.
comment:9 by , 5 years ago
TRAC_ADMIN grants BROWSER_VIEW. TRAC_ADMIN is a meta-permission that grants all other permissions.
PERMISSION_ADMIN grants only PERMISSION_GRANT and PERMISSION_REVOKE.
I have worked around the issue using
/var/trac$ trac-admin . permission add anonymous BROWSER_VIEW