Opened 15 years ago
Last modified 14 years ago
#8445 closed defect
authz_policy receives 'None' as resource — at Version 1
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | normal | Milestone: | 0.12 |
| Component: | general | Version: | 0.11.5 |
| Severity: | normal | Keywords: | authzpolicy verify |
| Cc: | admin@… | Branch: | |
| Release Notes: | |||
| API Changes: | |||
| Internal Changes: | |||
Description (last modified by )
I'm running a trac 0.11.4 system on an apache2 server. I wanted to have the permissions checked by the AuthzPolicy. I have
- added the authz_policy field to the trac.ini and a correct path to an authz.conf file
- i have enabled the plugin (and for testing purposes disabled all other plugins)
- i have set permission_policies = AuthzPolicy
- authz_policy.py loaded from authz_policy.py - as stated on the website
- The trac installation is a fresh one, without editing anything. Trac was installed with easy_install
- The environment is also a fresh one
- There is a global trac.ini defining the standard permission_policies among other things
- And there is a environment specific trac.ini overwriting some of the definitions
My authz.conf looks like:
# vim: syntax=dosini [groups] administrator = me developer = dev1, dev2, dev3 # Match everything else [*] @administrator = TRAC_ADMIN anonymous = BLOG_VIEW, BROWSER_VIEW, CHANGESET_VIEW, FILE_VIEW, LOG_VIEW, MILESTONE_VIEW, REPORT_SQL_VIEW, REPORT_VIEW, ROADMAP_VIEW, SEARCH_VIEW, TICKET_VIEW, TIMELINE_VIEW, WIKI_VIEW authenticated = POLL_VOTE, TICKET_APPEND, TICKET_CREATE @developer = BLOG_CREATE, BLOG_MODIFY_OWN, WIKI_CREATE, WIKI_DELETE, WIKI_MODIFY, XML_RPC
After reloading the apache i'm not able to see anything but the wiki (blog plugin is disabled).
After checking the log, i found this entry
2009-07-03 12:50:00,462 Trac[authz_policy] DEBUG: Checking REPORT_VIEW on
I then added some more debug-lines to the .py file and found this
self.log.debug('Checking %s on %s (unnormalized)', action, resource)
gives
2009-07-03 12:50:00,461 Trac[authz_policy] DEBUG: Checking SEARCH_VIEW on None (unnormalized)
And fnmatch between '' and '*@*' (resource_glob) in line 216 returns false.
Some of the permission checks work (therefore i know that the setup is ok). From the log
2009-07-03 12:50:00,458 Trac[authz_policy] DEBUG: Checking WIKI_VIEW on <Resource 'wiki'> (unnormalized) 2009-07-03 12:50:00,458 Trac[authz_policy] DEBUG: Checking WIKI_VIEW on wiki:*@* 2009-07-03 12:50:00,459 Trac[authz_policy] DEBUG: Resource glob *@* 2009-07-03 12:50:00,459 Trac[authz_policy] DEBUG: fnmatch gives: True 2009-07-03 12:50:00,459 Trac[authz_policy] DEBUG: wiki:*@* matched section *@* for user funsheep
Change History (1)
comment:1 by , 15 years ago
| Description: | modified (diff) |
|---|---|
| Keywords: | authzpolicy verify added |
| Summary: | authz_policy recieves 'None' as recource → authz_policy receives 'None' as resource |
Note:
See TracTickets
for help on using tickets.
Normally checking against "None" means "is the permission granted in general", so this shouldn't be problematic.
What happens if you add the TICKET_VIEW in the permissions?