Edgewall Software

Opened 12 years ago

Closed 12 years ago

#7202 closed defect (fixed)

Setting permissions fails with numeric userids

Reported by: james@… Owned by: osimons
Priority: normal Milestone: 0.11.1
Component: admin/web Version:
Severity: normal Keywords:
Cc: Branch:
Release Notes:
API Changes:
Internal Changes:


The company where I work has a new policy of using employees file numbers as their windows username. Ie. we now have use '371732' rather than 'doej'.

Our TRAC installation ( 0.11 ) is running through Apache/mod_python, and apache is using the mod_auth_sspi to link to the Windows authentication server. As a result, we now have the odd "371732" user in TRAC.

If you try to assign permissions to these users in the manage permissions screen ( "Add Subject To Group" ), the permission grant fails with "All upper-cased tokens are reserved for permission names".

It seems that the problem is that the permission name uppercase check is done by checking

subject == subject.upper()

which holds true if subject is all numeric.

I've fixed it on my installation by changing the test to

subject == subject.upper() and subject != subject.lower()

which means that numeric userids are okay, but you still can't have an all uppercase text name.

The relevant check is in the function "render_admin_panel" in admin\web_ui.py. The check is now

if subject and subject == subject.upper() and subject != subject.lower() or \

group and group == group.upper():

raise TracError(_('All upper-cased tokens are reserved for '

'permission names'))

Please can you apply this change to core ?

Attachments (0)

Change History (4)

comment:1 by osimons, 12 years ago

Milestone: 0.11.1
Owner: changed from Christopher Lenz to osimons

Makes sense. I'll look at it.

comment:2 by osimons, 12 years ago

The various upper/lower checking could likely be replaced by Python regular string methods:

#[Out]# False
#[Out]# True
#[Out]# False

They seem to provide correct results for our purposes.

comment:3 by Christian Boos, 12 years ago

Yes, sounds like a good idea. Maybe in time for 0.11.1?

in reply to:  3 comment:4 by osimons, 12 years ago

Resolution: fixed
Status: newclosed

Replying to cboos:

Maybe in time for 0.11.1?

Sure. Committed in [7378] (0.11-stable) and [7379] (merged to trunk).

Modify Ticket

Change Properties
Set your email in Preferences
as closed The owner will remain osimons.
The resolution will be deleted. Next status will be 'reopened'.
to The owner will be changed from osimons to the specified user.

Add Comment

E-mail address and name can be saved in the Preferences .
Note: See TracTickets for help on using tickets.