Modify

Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#10133 closed defect (fixed)

menu item displayed as strange artifact when having no permission for it

Reported by: falkb Owned by: rjollos
Priority: normal Component: MenusPlugin
Severity: normal Keywords:
Cc: rjollos Trac Release: 0.12

Description

Users without permission BROWSER_VIEW (and TIME_VIEW of TimingAndEstimationPlugin) actually should not see the appropriate menu items.

But they see this here:

Please, hide those strange menu artifacts.

I added rjollos because it seems he's the current maintainer.

Attachments (1)

menu.PNG (970 bytes) - added by falkb 3 years ago.

Download all attachments as: .zip

Change History (11)

Changed 3 years ago by falkb

comment:1 follow-up: Changed 3 years ago by falkb

We found out the reason seems to be this setup in trac.ini:

[mainnav]
billing = enabled
browser = enabled

Now as I removed both entries for billing and browser, the problem disappeared.

It seems, the permissions are not checked correctly at rendering menu items...

comment:2 Changed 3 years ago by rjollos

  • Owner changed from cbalan to rjollos
  • Status changed from new to assigned

comment:3 Changed 3 years ago by rjollos

(In [12144]) Refs #10133: Renamed 0.11 directory to trunk.

comment:4 in reply to: ↑ 1 ; follow-up: Changed 3 years ago by rjollos

Replying to falkb:

It seems, the permissions are not checked correctly at rendering menu items...

I can't think of how the permission could be checked in a straightforward way, since all you've done is defined an entry, but no path_info or other data to match it to a module. How does the MenusPlugin know, in a general way, that the browser entry in trac.ini is associated with the BrowserModule and the path /browser, and therefore should only be shown when the BROWSER_VIEW permission is present? Do you see a way?

However, I will commit a fix that prevents the display of entries that don't result in a valid link element.

comment:5 Changed 3 years ago by rjollos

  • Resolution set to fixed
  • Status changed from assigned to closed

(In [12145]) Fixes #10133: Don't show entries in the navigation bar if a label with a link element is not defined.

comment:6 Changed 3 years ago by rjollos

(In [12146]) Refs #10133: Removed unnecessary continue statements.

comment:7 Changed 3 years ago by rjollos

(In [12147]) Refs #10133: Added else case so that logic is the same as before [12145].

comment:8 in reply to: ↑ 4 Changed 3 years ago by falkb

Replying to rjollos:

Do you see a way?

No, I don't

However, I will commit a fix

Thanks!

comment:9 Changed 3 years ago by rjollos

Let me know if you've had a chance to test it out. I'm hesitant to touch the plugin again without setting up unit tests to make sure I'm not introducing regressions.

comment:10 Changed 3 years ago by falkb

Tested with 0.12 and 1.0, it works well.

Add Comment

Modify Ticket

Action
as closed The owner will remain rjollos.
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.