Edgewall Software
Modify

Opened 11 years ago

Closed 11 years ago

#9600 closed defect (wontfix)

"trac-admin repository list" is not available if trac.versioncontrol.admin.VersionControlAdmin is disabled

Reported by: Samuel.Degrande@… Owned by:
Priority: normal Milestone:
Component: version control Version: 0.12
Severity: normal Keywords:
Cc: Branch:
Release Notes:
API Changes:
Internal Changes:

Description

The trac-admin "repository list" command is only available when trac.versioncontrol.admin.VersionControlAdmin is enabled, while the other commands (add, alias, remove, set) are always available.

I would like to use that command in a cron job to detect when a user wants to add a repository to his project, and automatically create it.

I know that I can use 'config get/set' to temporally enable trac..VersionControlAdmin, but I'm wondering why the "repository list" command is not always available.

Attachments (0)

Change History (7)

in reply to:  description comment:1 by Samuel.Degrande@…, 11 years ago

Replying to Samuel.Degrande@…:

The trac-admin "repository list" command is only available when trac.versioncontrol.admin.VersionControlAdmin is enabled, while the other commands (add, alias, remove, set) are always available.

I would like to use that command in a cron job to detect when a user wants to add a repository to his project, and automatically create it.

I know that I can use 'config get/set' to temporally enable trac..VersionControlAdmin, but I'm wondering why the "repository list" command is not always available.

I just had a look at the sources. I now understand that 'list/sync/resync' need VersionControlAdmin to be enabled. So my question is now rather: in a shared trac environment (i.e. in a forge-like setup), trac-admin is used by the administrator of the whole forge to administrate all projects (at least, that's the way I understand it). Letting the admin of a project disable some commands of trac-admin is somehow strange (just like if a Unix user could prevent the root user to do some tasks).

comment:2 by Remy Blank, 11 years ago

Why do you disable the VersionControlAdmin component?

Oh, you mean, the plugin admin panel should not allow disabling trac-admin commands, even if some parts of a project are disabled? In most "forge" situations, the plugin admin panel is disabled, or replaced with a simpler version that allows enabling / disabling whole subsystems (wiki, ticket, …), not individual components. Indeed, allowing to upload plugins is a security issue in this situation, as it is equivalent to giving shell access with the permissions of the web server.

in reply to:  2 comment:3 by anonymous, 11 years ago

Replying to rblank:

Why do you disable the VersionControlAdmin component?

Oh, you mean, the plugin admin panel should not allow disabling trac-admin commands, even if some parts of a project are disabled?

Yes exactly.

In most "forge" situations, the plugin admin panel is disabled, or replaced with a simpler version that allows enabling / disabling whole subsystems (wiki, ticket, …), not individual components.

Mhhh… That would indeed be more appropriate for my use-case. How to do so ? Any example available somewhere ? (perhaps SecurePluginPanel could help here…)

Indeed, allowing to upload plugins is a security issue in this situation, as it is equivalent to giving shell access with the permissions of the web server.

This is not something that I allow. The plugins/ dir of the projects are write protected.

I was only talking of the problem of letting the user disabling a 'component part' that is needed by cron scripts to administer his project…

comment:4 by Christian Boos, 11 years ago

So… what should we do here?

comment:5 by Samuel.Degrande@…, 11 years ago

Just to let you know: my current solution is to use SecurePluginPanel to ensure that users do not disable mandatory components…

comment:6 by Samuel.Degrande@…, 11 years ago

So I guess that the ticket could be closed as "invalid"…

comment:7 by Remy Blank, 11 years ago

Resolution: wontfix
Status: newclosed

Or rather as "wontfix". Thanks for the feedback.

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The ticket will remain with no owner.
The resolution will be deleted. Next status will be 'reopened'.
to The owner will be changed from (none) to the specified user.

Add Comment


E-mail address and name can be saved in the Preferences .
 
Note: See TracTickets for help on using tickets.