Opened 15 years ago
Closed 9 years ago
#9359 closed defect (worksforme)
authz_policy oddities: disabling access to anonymous disable access to everyone
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | general | Version: | 0.12dev |
| Severity: | normal | Keywords: | authzpolicy verify |
| Cc: | Branch: | ||
| Release Notes: | |||
| API Changes: | |||
| Internal Changes: | |||
Description
Hi,
I'm currently running trunk r9610 and I have problems with authz_policy. I am trying to implement a scheme where all pages are public except those under private/.
I use the following authz.text:
[wiki:private/test@*]
anonymous =
authenticated = WIKI_VIEW

[wiki:*@*]
* = WIKI_VIEW
In default permissions, anonymous doesn't have WIKI_VIEW and authenticated has it (should not be needed with the authz config used… but added just in case).
With this configuration, public pages are really readable by everybody, including authenticated people, but pages under private/ are not accessible to anybody, whether authenticated or not. It behaves like anonymous is inherited by anybody because if I replace anonymous by a real user (or something else), pages are readable for authenticated people, except the one who has been denied access.
Attachments (0)
Change History (7)
comment:1 by , 15 years ago
| Keywords: | authzpolicy verify added |
|---|---|
| Owner: | set to |
| Version: | → 0.12dev |
comment:2 by , 15 years ago
| Keywords: | needinfo added; verify removed |
|---|---|
| Milestone: | 0.12 |
Sorry, I can't reproduce, for me it works like you expected it should.
You should send us the log output at DEBUG level.
Relevant excerpts from my tests, using the sample config you provided above:
- as authenticated user "me" (no special rights for "me"):
DEBUG: Dispatching <Request "GET '/wiki/private/test'">
DEBUG: Retrieving session for ID u'me'
DEBUG: Negotiated locale: ['fr', 'en-us', 'en'] -> fr
INFO: Synchronized '' repository in 0.02 seconds
DEBUG: Checking WIKI_VIEW on wiki:private/test@*
DEBUG: wiki:private/test@* matched section wiki:private/test@* for user me
DEBUG: Prepare chrome data for request
- when not logged in:
DEBUG: Dispatching <Request "GET '/wiki/private/test'">
DEBUG: Negotiated locale: ['fr', 'en-us', 'en'] -> fr
INFO: Synchronized '' repository in 0.03 seconds
DEBUG: Checking WIKI_VIEW on wiki:private/test@*
DEBUG: wiki:private/test@* matched section wiki:private/test@* for user anonymous
DEBUG: AuthzPolicy denies anonymous performing WIKI_VIEW on <Resource u'wiki:private/test'>
WARNING: HTTPForbidden: 403 Forbidden (Les droits WIKI_VIEW sont ...
DEBUG: Prepare chrome data for request
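One way to pull the authz decisions out of a DEBUG-level log like the excerpts in comment:2, showing for each permission check which section matched, for which user, and whether AuthzPolicy logged a denial. This is an added example, not part of the ticket or of Trac; the function name `authz_decisions` and the embedded sample (trimmed from the lines quoted above) are assumptions of the example.

```python
import re

# Constructed sample: the DEBUG lines quoted in comment:2, trimmed to the
# request boundary and the authz-related entries.
SAMPLE_LOG = """\
DEBUG: Dispatching <Request "GET '/wiki/private/test'">
DEBUG: Checking WIKI_VIEW on wiki:private/test@*
DEBUG: wiki:private/test@* matched section wiki:private/test@* for user me
DEBUG: Dispatching <Request "GET '/wiki/private/test'">
DEBUG: Checking WIKI_VIEW on wiki:private/test@*
DEBUG: wiki:private/test@* matched section wiki:private/test@* for user anonymous
DEBUG: AuthzPolicy denies anonymous performing WIKI_VIEW on <Resource u'wiki:private/test'>
WARNING: HTTPForbidden: 403 Forbidden (Les droits WIKI_VIEW sont ...
"""

CHECK = re.compile(r"Checking (\S+) on (\S+)")
MATCH = re.compile(r"(\S+) matched section (\S+) for user (\S+)")
DENY = re.compile(r"AuthzPolicy denies (\S+) performing (\S+) on ")


def authz_decisions(log_text):
    """Return one dict per 'Checking' line: action, resource, section, user, denied."""
    decisions, current = [], None
    for line in log_text.splitlines():
        if "Dispatching <Request" in line:
            current = None  # new request: never attach later lines to an old check
            continue
        m = CHECK.search(line)
        if m:
            current = {"action": m.group(1), "resource": m.group(2),
                       "section": None, "user": None, "denied": False}
            decisions.append(current)
            continue
        if current is None:
            continue
        m = MATCH.search(line)
        if m and m.group(1) == current["resource"]:
            current["section"], current["user"] = m.group(2), m.group(3)
            continue
        m = DENY.search(line)
        if m and m.group(2) == current["action"]:
            current["denied"] = True
    return decisions


if __name__ == "__main__":
    for d in authz_decisions(SAMPLE_LOG):
        verdict = "DENIED" if d["denied"] else "no denial logged"
        print("%(user)s %(action)s %(resource)s via [%(section)s]" % d, "->", verdict)
```

A request made while logged in that still shows `for user anonymous` in this summary points at the session rather than at the policy file.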
comment:3 by , 15 years ago
| Keywords: | verify added; needinfo removed |
|---|---|
| Milestone: | → next-minor-0.12.x |
comment:4 by , 11 years ago
| Milestone: | next-minor-0.12.x → next-stable-1.0.x |
|---|
comment:5 by , 10 years ago
| Owner: | removed |
|---|
comment:6 by , 9 years ago
| Milestone: | next-stable-1.0.x → next-stable-1.2.x |
|---|
Moved ticket assigned to next-stable-1.0.x since maintenance of 1.0.x is coming to a close. Please move the ticket back if it's critical to fix on 1.0.x.
comment:7 by , 9 years ago
| Milestone: | next-stable-1.2.x |
|---|---|
| Resolution: | → worksforme |
| Status: | new → closed |
Works for me as well.



Sounds like a regression because I vaguely remember having fixed something like that… right: see r8786. I'll verify, thanks for the report!