Edgewall Software

Opened 12 years ago

Closed 12 years ago

#7467 closed defect (fixed)

authz system does not expand actions

Reported by: benjamin@… Owned by: Remy Blank
Priority: normal Milestone: 0.11.3
Component: general Version:
Severity: normal Keywords: permission
Cc: Branch:
Release Notes:
API Changes:
Internal Changes:


While writing my own authz system, I need to fix some issues. One was ticket #6644, and the other issue is that the permissions are not expanded. This means that granting the TRAC_ADMIN permission does not have any effect.

The reason for this is that the call to PermissionSystem.expand_actions happens with an iterator object. However PermissionSystem.expand_actions uses the actions parameter twice. The first time all the actions are taken out of the iterator, and the second time (when walking over them to expand the actions) no actions are left.

This could be fixed by either passing in a list, or by storing the actions temporarily in expand_actions.

Attachments (0)

Change History (4)

comment:1 by Remy Blank, 12 years ago

Milestone: 0.13
Owner: set to Remy Blank

I'm not sure to understand. Do you mean the call in authz_policy.py, where perms is an iterator returned by groupby()?

Would it be possible for you to write a test case for this issue? This would help me for fixing it and avoiding its reappearing in the future.

comment:2 by benjamin@…, 12 years ago

Yes. If you look at the function, then you will see that in perm.py:404 the actions variable is read out. If actions is a generator, then it will be empty after this!

Then in perm.py:411 of expand_actions the content of the "actions" variable is needed again. But as it is a generator, it is already empty.

To fix this it would be enough to add a "actions = list(actions)" at the top of the function.

As a test, something comparing the call of



def test_iter():
    yield "TRAC_ADMIN"


should be good.

comment:3 by Remy Blank, 12 years ago


comment:4 by Remy Blank, 12 years ago

Resolution: fixed
Status: newclosed

Fixed in [7716].

Modify Ticket

Change Properties
Set your email in Preferences
as closed The owner will remain Remy Blank.
The resolution will be deleted. Next status will be 'reopened'.
to The owner will be changed from Remy Blank to the specified user.

Add Comment

E-mail address and name can be saved in the Preferences .
Note: See TracTickets for help on using tickets.