authz system does not expand actions

[benjamin@…]

While writing my own authz system, I need to fix some issues. One was ticket #6644, and the other issue is that the permissions are not expanded. This means that granting the TRAC_ADMIN permission does not have any effect.

The reason for this is that the call to PermissionSystem.expand_actions happens with an iterator object. However PermissionSystem.expand_actions uses the actions parameter twice. The first time all the actions are taken out of the iterator, and the second time (when walking over them to expand the actions) no actions are left.

This could be fixed by either passing in a list, or by storing the actions temporarily in expand_actions.

[Remy Blank]

I'm not sure to understand. Do you mean the call in authz_policy.py​, where perms is an iterator returned by groupby()?

Would it be possible for you to write a test case for this issue? This would help me for fixing it and avoiding its reappearing in the future.

[benjamin@…]

Yes. If you look at the function, then you will see that in perm.py:404​ the actions variable is read out. If actions is a generator, then it will be empty after this!

Then in perm.py:411​ of expand_actions the content of the "actions" variable is needed again. But as it is a generator, it is already empty.

To fix this it would be enough to add a "actions = list(actions)" at the top of the function.

As a test, something comparing the call of

ps.expand_actions(["TRAC_ADMIN"])

with

def test_iter():
    yield "TRAC_ADMIN"

ps.expand_actions(test_iter())

should be good.

[Remy Blank]

Fixed in [7716].