Opened 19 years ago
Closed 18 years ago
#2410 closed enhancement (worksforme)
Allow read only attachments
Reported by: | Owned by: | Jonas Borgström | |
---|---|---|---|
Priority: | normal | Milestone: | |
Component: | wiki system | Version: | 0.9 |
Severity: | normal | Keywords: | needinfo |
Cc: | Branch: | ||
Release Notes: | |||
API Changes: | |||
Internal Changes: |
Description
Currently the only way to have a "read only" attachment is to attach it to a read only page and link it to the non-read only page. I would like to have a read only attacment: it could not be replaced or deleted without the TRAC_ADMIN permission. This will prevent normal wiki editors from deleting important system files.
(In my case, I don't want someone to accidentally delete a file that others use on a regular basis)
Attachments (2)
Change History (10)
by , 19 years ago
follow-up: 7 comment:1 by , 19 years ago
Hm, normally only the authentified user who added the attachment or someone with a TRAC_ADMIN permission should be able to replace or delete the attachment (e.g. try replacing/deleting attachment:TEST)
Can you provide more details about what's wrong with the current behavior?
by , 18 years ago
comment:2 by , 18 years ago
It does make the attachment read-only. I tried to overwrite the TEST attachment with my own, and it renamed mine to TEST.2.
One strange thing is that when I tried to upload a PDF (named TEST
) the first time, I got this error:
Traceback (most recent call last): File "/usr/lib/python2.4/site-packages/trac/web/main.py", line 356, in dispatch_request dispatcher.dispatch(req) File "/usr/lib/python2.4/site-packages/trac/web/main.py", line 224, in dispatch resp = chosen_handler.process_request(req) File "/usr/lib/python2.4/site-packages/trac/attachment.py", line 361, in process_request self._do_save(req, attachment) File "/usr/lib/python2.4/site-packages/trac/attachment.py", line 474, in _do_save for field, message in manipulator.validate_attachment(req, attachment): File "build/bdist.linux-x86_64/egg/tracspamfilter/adapters.py", line 130, in validate_attachment File "build/bdist.linux-x86_64/egg/tracspamfilter/api.py", line 131, in test File "build/bdist.linux-x86_64/egg/tracspamfilter/model.py", line 119, in insert File "/usr/lib/python2.4/site-packages/trac/db/util.py", line 47, in execute return self.cursor.execute(sql_escape_percent(sql), args) File "/usr/lib/python2.4/site-packages/trac/db/util.py", line 47, in execute return self.cursor.execute(sql_escape_percent(sql), args) ProgrammingError: current transaction is aborted, commands ignored until end of transaction block
I've attached that file as TEST-traceback to see if you can replicate.
comment:3 by , 18 years ago
Oops, it won't let me attach the file, even if I try renaming. I'm getting the traceback every time.
follow-up: 6 comment:4 by , 18 years ago
That traceback seems to be exactly the same as the one reported this morning in #4070.
comment:7 by , 18 years ago
Keywords: | needinfo added |
---|
Back to the original issue in comment:2:
Hm, normally only the authentified user who added the attachment or someone with a TRAC_ADMIN permission should be able to replace or delete the attachment (e.g. try replacing/deleting attachment:TEST)
Can you provide more details about what's wrong with the current behavior?
comment:8 by , 18 years ago
Resolution: | → worksforme |
---|---|
Status: | new → closed |
This is working correctly for 0.10 (as shown in this ticket). And no new information from the reporter in over 1 year.
Test replace/delete