Modify

Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#10133 closed defect (fixed)

menu item displayed as strange artifact when having no permission for it

Reported by: falkb Owned by: rjollos
Priority: normal Component: MenusPlugin
Severity: normal Keywords:
Cc: rjollos Trac Release: 0.12

Description

Users without permission BROWSER_VIEW (and TIME_VIEW of TimingAndEstimationPlugin) actually should not see the appropriate menu items.

But they see this here:

Please, hide those strange menu artifacts.

I added rjollos because it seems he's the current maintainer.

Attachments (1)

menu.PNG (970 bytes) - added by falkb 2 years ago.

Download all attachments as: .zip

Change History (11)

Changed 2 years ago by falkb

comment:1 follow-up: Changed 2 years ago by falkb

We found out the reason seems to be this setup in trac.ini:

[mainnav]
billing = enabled
browser = enabled

Now as I removed both entries for billing and browser, the problem disappeared.

It seems, the permissions are not checked correctly at rendering menu items...

comment:2 Changed 2 years ago by rjollos

  • Owner changed from cbalan to rjollos
  • Status changed from new to assigned

comment:3 Changed 2 years ago by rjollos

(In [12144]) Refs #10133: Renamed 0.11 directory to trunk.

comment:4 in reply to: ↑ 1 ; follow-up: Changed 2 years ago by rjollos

Replying to falkb:

It seems, the permissions are not checked correctly at rendering menu items...

I can't think of how the permission could be checked in a straightforward way, since all you've done is defined an entry, but no path_info or other data to match it to a module. How does the MenusPlugin know, in a general way, that the browser entry in trac.ini is associated with the BrowserModule and the path /browser, and therefore should only be shown when the BROWSER_VIEW permission is present? Do you see a way?

However, I will commit a fix that prevents the display of entries that don't result in a valid link element.

comment:5 Changed 2 years ago by rjollos

  • Resolution set to fixed
  • Status changed from assigned to closed

(In [12145]) Fixes #10133: Don't show entries in the navigation bar if a label with a link element is not defined.

comment:6 Changed 2 years ago by rjollos

(In [12146]) Refs #10133: Removed unnecessary continue statements.

comment:7 Changed 2 years ago by rjollos

(In [12147]) Refs #10133: Added else case so that logic is the same as before [12145].

comment:8 in reply to: ↑ 4 Changed 2 years ago by falkb

Replying to rjollos:

Do you see a way?

No, I don't

However, I will commit a fix

Thanks!

comment:9 Changed 2 years ago by rjollos

Let me know if you've had a chance to test it out. I'm hesitant to touch the plugin again without setting up unit tests to make sure I'm not introducing regressions.

comment:10 Changed 2 years ago by falkb

Tested with 0.12 and 1.0, it works well.

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.