Opened 14 years ago
Closed 14 years ago
#9600 closed defect (wontfix)
"trac-admin repository list" is not available if trac.versioncontrol.admin.VersionControlAdmin is disabled
Reported by: | | Owned by: | |
---|---|---|---|
Priority: | normal | Milestone: | |
Component: | version control | Version: | 0.12 |
Severity: | normal | Keywords: | |
Cc: | | Branch: | |
Release Notes: | | | |
API Changes: | | | |
Internal Changes: | | | |
Description
The trac-admin "repository list" command is only available when trac.versioncontrol.admin.VersionControlAdmin is enabled, while the other commands (add, alias, remove, set) are always available.
I would like to use that command in a cron job to detect when a user wants to add a repository to his project, and automatically create it.
I know that I can use 'config get/set' to temporarily enable trac..VersionControlAdmin, but I'm wondering why the "repository list" command is not always available.
Attachments (0)
Change History (7)
comment:1 by , 14 years ago
follow-up: 3 comment:2 by , 14 years ago
Why do you disable the VersionControlAdmin component?
Oh, you mean, the plugin admin panel should not allow disabling trac-admin commands, even if some parts of a project are disabled? In most "forge" situations, the plugin admin panel is disabled, or replaced with a simpler version that allows enabling / disabling whole subsystems (wiki, ticket, …), not individual components. Indeed, allowing to upload plugins is a security issue in this situation, as it is equivalent to giving shell access with the permissions of the web server.
comment:3 by , 14 years ago
Replying to rblank:
> Why do you disable the VersionControlAdmin component?
>
> Oh, you mean, the plugin admin panel should not allow disabling trac-admin commands, even if some parts of a project are disabled?

Yes exactly.

> In most "forge" situations, the plugin admin panel is disabled, or replaced with a simpler version that allows enabling / disabling whole subsystems (wiki, ticket, …), not individual components.

Mhhh… That would indeed be more appropriate for my use-case. How to do so? Any example available somewhere? (perhaps SecurePluginPanel could help here…)

> Indeed, allowing to upload plugins is a security issue in this situation, as it is equivalent to giving shell access with the permissions of the web server.

This is not something that I allow. The plugins/ dir of the projects are write protected.
I was only talking of the problem of letting the user disable a 'component part' that is needed by cron scripts to administer his project…
comment:5 by , 14 years ago
Just to let you know: my current solution is to use SecurePluginPanel to ensure that users do not disable mandatory components…
comment:7 by , 14 years ago
Resolution: | → wontfix |
---|---|
Status: | new → closed |
Or rather as "wontfix". Thanks for the feedback.
Replying to Samuel.Degrande@…:
I just had a look at the sources. I now understand that 'list/sync/resync' need VersionControlAdmin to be enabled. So my question is now rather: in a shared trac environment (i.e. in a forge-like setup), trac-admin is used by the administrator of the whole forge to administrate all projects (at least, that's the way I understand it). Letting the admin of a project disable some commands of trac-admin is somehow strange (just like if a Unix user could prevent the root user from doing some tasks).
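
A check a forge administrator could run from cron before calling `trac-admin ... repository list`, to confirm that a project admin has not disabled a component the cron scripts depend on. This is an added example, not part of the ticket or of Trac's own code; the rule resolution (most specific `[components]` entry wins, core `trac.*` components enabled by default) is a simplified assumption about Trac's behaviour, and `MANDATORY`, `SAMPLE_INI` and the function names are hypothetical.

```python
import configparser

# Components the forge's cron scripts depend on (named in the ticket).
MANDATORY = ["trac.versioncontrol.admin.VersionControlAdmin"]

# Constructed sample trac.ini fragment, as a project admin might leave it.
SAMPLE_INI = """
[components]
trac.versioncontrol.* = disabled
trac.versioncontrol.admin.RepositoryAdminPanel = enabled
"""

def load_rules(ini_text):
    """Return {lowercased component prefix: enabled?} from [components]."""
    cp = configparser.RawConfigParser()  # lowercases option names by default
    cp.read_string(ini_text)
    rules = {}
    if cp.has_section("components"):
        for name, value in cp.items("components"):
            if name.endswith(".*"):
                name = name[:-2]          # "pkg.*" applies to everything under pkg
            rules[name] = value.strip().lower() in ("enabled", "on")
    return rules

def is_enabled(component, rules):
    """Most specific rule wins: walk from the full name up through parents."""
    name = component.lower()
    probe = name
    while probe:
        if probe in rules:
            return rules[probe]
        probe = probe.rpartition(".")[0]
    # Assumed default: core trac.* components are on unless a rule says otherwise.
    return name.startswith("trac.")

def disabled_mandatory(ini_text, mandatory=MANDATORY):
    """List the mandatory components that this configuration turns off."""
    rules = load_rules(ini_text)
    return [c for c in mandatory if not is_enabled(c, rules)]

if __name__ == "__main__":
    for c in disabled_mandatory(SAMPLE_INI):
        print("mandatory component disabled:", c)
```
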