Edgewall Software
Modify

Opened 19 years ago

Closed 19 years ago

Last modified 19 years ago

#3005 closed defect (invalid)

Fine grained permissions don't work on wiki

Reported by: mark@… Owned by: Jonas Borgström
Priority: normal Milestone:
Component: general Version: 0.9.4
Severity: normal Keywords:
Cc: Branch:
Release Notes:
API Changes:
Internal Changes:

Description

testcase

Create a page, let's say mogg. This page shall only be visible to two users…

# excerpt of trac.ini
[trac]
authz_file = /var/lib/trac/test/conf/authz.conf
# authz.conf
[/]
* = r

[/wiki/mogg]
* =
mark = rw
work = r

expected behaviour

Anonymous cannot view that page.

actual behaviour

Anonymous is able to view that page, too.

notes

  • Setting authz_module_name does not change anything.
  • Neither [mogg] nor [/mogg] nor [/wiki/mogg] nor any equivalent with module-name works.
  • I've restarted apache between every run.

Attachments (0)

Change History (3)

comment:1 by Emmanuel Blot, 19 years ago

Resolution: invalid
Status: newclosed

FineGrainedPermissions only apply to repository files, not to Wiki pages.

Use TracPermissions (trac-admin or WebAdmin plugin) to define access rights to Wiki page (per-page permissions is not available for wiki pages)

comment:2 by coderanger, 19 years ago

What you are looking for is the WikiRbacPatch on trac-hacks.org

comment:3 by mark@…, 19 years ago

Summary: Fine grained permission don't work (security hole)Fine grained permissions don't work on wiki

You're right. I've mixed these two RBAC things up due to the similiarity in names.

Please accept my apologies.

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain Jonas Borgström.
The resolution will be deleted. Next status will be 'reopened'.
to The owner will be changed from Jonas Borgström to the specified user.

Add Comment


E-mail address and name can be saved in the Preferences .
 
Note: See TracTickets for help on using tickets.