Opened 15 years ago
Closed 8 years ago
#9359 closed defect (worksforme)
authz_policy oddities: disabling access to anonymous disable access to everyone
Reported by: | Owned by: | ||
---|---|---|---|
Priority: | normal | Milestone: | |
Component: | general | Version: | 0.12dev |
Severity: | normal | Keywords: | authzpolicy verify |
Cc: | Branch: | ||
Release Notes: | |||
API Changes: | |||
Internal Changes: |
Description
Hi,
I'm currently running trunk r9610 and I have problems with authz_policy. I am trying to implement a scheme where all pages are public except those under private/.
I use the following authz.text:
[wiki:private/test@*] anonymous = authenticated = WIKI_VIEW [wiki:*@*] * = WIKI_VIEW
In default permissions, anonymous
doesn't have WIKI_VIEW
and authenticated
has it (should not be needed with the authz config used… but added just in case).
With this configuration, public pages are really readable by everybody, including authenticated people, but pages under private/ are not accessible to anybody, whether authenticated or not. It behaves like anonymous is inherited by anybody because if I replace anonymous by a real user (or something else), pages are readable for authenticated people, except the one who has been denied access.
Attachments (0)
Change History (7)
comment:1 by , 15 years ago
Keywords: | authzpolicy verify added |
---|---|
Owner: | set to |
Version: | → 0.12dev |
comment:2 by , 15 years ago
Keywords: | needinfo added; verify removed |
---|---|
Milestone: | 0.12 |
Sorry, I can't reproduce, for me it works like you expected it should.
You should send us the log output at DEBUG level.
Relevant excerpts from my tests, using the sample config you provided above:
- as authenticated user "me" (no special rights for "me"):
DEBUG: Dispatching <Request "GET '/wiki/private/test'"> DEBUG: Retrieving session for ID u'me' DEBUG: Negotiated locale: ['fr', 'en-us', 'en'] -> fr INFO: Synchronized '' repository in 0.02 seconds DEBUG: Checking WIKI_VIEW on wiki:private/test@* DEBUG: wiki:private/test@* matched section wiki:private/test@* for user me DEBUG: Prepare chrome data for request
- when not logged in:
DEBUG: Dispatching <Request "GET '/wiki/private/test'"> DEBUG: Negotiated locale: ['fr', 'en-us', 'en'] -> fr INFO: Synchronized '' repository in 0.03 seconds DEBUG: Checking WIKI_VIEW on wiki:private/test@* DEBUG: wiki:private/test@* matched section wiki:private/test@* for user anonymous DEBUG: AuthzPolicy denies anonymous performing WIKI_VIEW on <Resource u'wiki:private/test'> WARNING: HTTPForbidden: 403 Forbidden (Les droits WIKI_VIEW sont ... DEBUG: Prepare chrome data for request
comment:3 by , 14 years ago
Keywords: | verify added; needinfo removed |
---|---|
Milestone: | → next-minor-0.12.x |
comment:4 by , 10 years ago
Milestone: | next-minor-0.12.x → next-stable-1.0.x |
---|
comment:5 by , 10 years ago
Owner: | removed |
---|
comment:6 by , 8 years ago
Milestone: | next-stable-1.0.x → next-stable-1.2.x |
---|
Moved ticket assigned to next-stable-1.0.x since maintenance of 1.0.x is coming to a close. Please move the ticket back if it's critical to fix on 1.0.x.
comment:7 by , 8 years ago
Milestone: | next-stable-1.2.x |
---|---|
Resolution: | → worksforme |
Status: | new → closed |
Works for me as well.
Sounds like a regression because I vaguely remember having fixed something like that… right: see r8786. I'll verify, thanks for the report!