Opened 20 years ago
Closed 19 years ago
#2410 closed enhancement (worksforme)
Allow read only attachments
| Reported by: | Owned by: | Jonas Borgström | |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | wiki system | Version: | 0.9 |
| Severity: | normal | Keywords: | needinfo |
| Cc: | Branch: | ||
| Release Notes: | |||
| API Changes: | |||
| Internal Changes: | |||
Description
Currently the only way to have a "read only" attachment is to attach it to a read only page and link it to the non-read only page. I would like to have a read only attacment: it could not be replaced or deleted without the TRAC_ADMIN permission. This will prevent normal wiki editors from deleting important system files.
(In my case, I don't want someone to accidentally delete a file that others use on a regular basis)
Attachments (2)
Change History (10)
by , 20 years ago
follow-up: 7 comment:1 by , 20 years ago
Hm, normally only the authentified user who added the attachment or someone with a TRAC_ADMIN permission should be able to replace or delete the attachment (e.g. try replacing/deleting attachment:TEST)
Can you provide more details about what's wrong with the current behavior?
by , 19 years ago
comment:2 by , 19 years ago
It does make the attachment read-only. I tried to overwrite the TEST attachment with my own, and it renamed mine to TEST.2.
One strange thing is that when I tried to upload a PDF (named TEST) the first time, I got this error:
Traceback (most recent call last):
File "/usr/lib/python2.4/site-packages/trac/web/main.py", line 356, in dispatch_request
dispatcher.dispatch(req)
File "/usr/lib/python2.4/site-packages/trac/web/main.py", line 224, in dispatch
resp = chosen_handler.process_request(req)
File "/usr/lib/python2.4/site-packages/trac/attachment.py", line 361, in process_request
self._do_save(req, attachment)
File "/usr/lib/python2.4/site-packages/trac/attachment.py", line 474, in _do_save
for field, message in manipulator.validate_attachment(req, attachment):
File "build/bdist.linux-x86_64/egg/tracspamfilter/adapters.py", line 130, in validate_attachment
File "build/bdist.linux-x86_64/egg/tracspamfilter/api.py", line 131, in test
File "build/bdist.linux-x86_64/egg/tracspamfilter/model.py", line 119, in insert
File "/usr/lib/python2.4/site-packages/trac/db/util.py", line 47, in execute
return self.cursor.execute(sql_escape_percent(sql), args)
File "/usr/lib/python2.4/site-packages/trac/db/util.py", line 47, in execute
return self.cursor.execute(sql_escape_percent(sql), args)
ProgrammingError: current transaction is aborted, commands ignored until end of transaction block
I've attached that file as TEST-traceback to see if you can replicate.
comment:3 by , 19 years ago
Oops, it won't let me attach the file, even if I try renaming. I'm getting the traceback every time.
follow-up: 6 comment:4 by , 19 years ago
That traceback seems to be exactly the same as the one reported this morning in #4070.
comment:7 by , 19 years ago
| Keywords: | needinfo added |
|---|
Back to the original issue in comment:2:
Hm, normally only the authentified user who added the attachment or someone with a TRAC_ADMIN permission should be able to replace or delete the attachment (e.g. try replacing/deleting attachment:TEST)
Can you provide more details about what's wrong with the current behavior?
comment:8 by , 19 years ago
| Resolution: | → worksforme |
|---|---|
| Status: | new → closed |
This is working correctly for 0.10 (as shown in this ticket). And no new information from the reporter in over 1 year.
Test replace/delete