Edgewall Software
Modify

Opened 19 years ago

Closed 19 years ago

#1951 closed defect (duplicate)

RSS feeds and user permissions

Reported by: trac@… Owned by: Jonas Borgström
Priority: normal Milestone:
Component: general Version: devel
Severity: normal Keywords: rss permissions
Cc: Branch:
Release Notes:
API Changes:
Internal Changes:

Description

Unless I'm missing something fundamental, it doesn't appear that Trac supports the use of RSS feeds unless the anonymous user has permissions to view.

In the case that the page with the RSS feed requires an authenticated user, the user has to visit /trac/login (and enter the HTTP auth data) before the session cookie is set and Trac can tell who they are. If they haven't, Trac will return a 403 forbidden, then pop up the error page saying that they need to log in to view the selected page. So, in the case of a newsreader, they try some form of the url /trac/timeline?format=rss and get told they don't have permissions. They aren't prompted for permissions at this point because the Trac pages other than /trac/login rely on the session cookie, opposed to HTTP auth, and don't ask for it. The news reader doesn't deal with anything but RSS feeds and doesn't allow the user to auth.

I'm wondering if something of the following could be done to alleviate this:

Make a /rss?type=timeline style URL that will need HTTP auth directly, opposed to checking for the Trac session cookie. This way I can have my news reader prompt me for my user name and password. From there, it should have the info (just the username, I'd imagine) to check all the permissions on whether the user is able to see particular items.

Attachments (0)

Change History (1)

comment:1 by Christopher Lenz, 19 years ago

Resolution: duplicate
Status: newclosed

This is a duplicate of #540.

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain Jonas Borgström.
The resolution will be deleted. Next status will be 'reopened'.
to The owner will be changed from Jonas Borgström to the specified user.

Add Comment


E-mail address and name can be saved in the Preferences .
 
Note: See TracTickets for help on using tickets.