id summary reporter owner description type status priority component severity resolution keywords cc release 11798 Display message to users with revoked account access Ryan J Ollos Steffen Hoffmann "I'll describe an issue I encountered today in one of my Trac instances. A user has several permissions including `WIKI_VIEW`, however on login only the Preferences and About navigation items were displayed. Navigating to the base url showed: //WIKI_VIEW privileges are required to perform this operation on WikiStart. You don't have the required permissions.// The issue was revealed on setting the `LOG_LEVEL` to debug: {{{ 2014-05-28 17:51:02,128 Trac[main] DEBUG: Dispatching 2014-05-28 17:51:02,142 Trac[api] INFO: Synchronized '(default)' repository in 0.01 seconds 2014-05-28 17:51:02,143 Trac[session] DEBUG: Retrieving session for ID 'jenkins' 2014-05-28 17:51:02,151 Trac[authz_policy] DEBUG: Checking ACCTMGR_USER_ADMIN on 2014-05-28 17:51:02,156 Trac[perm] DEBUG: No policy allowed jenkins performing ACCTMGR_USER_ADMIN on None 2014-05-28 17:51:02,156 Trac[api] DEBUG: AccountManager.pre_process_request: Permissions for 'jenkins' stripped (account approval revoked) 2014-05-28 17:51:02,157 Trac[GroupBasedRedirection] INFO: Redirecting jenkins to /wiki 2014-05-28 17:51:02,358 Trac[main] DEBUG: Dispatching 2014-05-28 17:51:02,372 Trac[api] INFO: Synchronized '(default)' repository in 0.01 seconds 2014-05-28 17:51:02,373 Trac[session] DEBUG: Retrieving session for ID 'jenkins' 2014-05-28 17:51:02,382 Trac[authz_policy] DEBUG: Checking ACCTMGR_USER_ADMIN on 2014-05-28 17:51:02,383 Trac[perm] DEBUG: No policy allowed jenkins performing ACCTMGR_USER_ADMIN on None 2014-05-28 17:51:02,384 Trac[api] DEBUG: AccountManager.pre_process_request: Permissions for 'jenkins' stripped (account approval revoked) 2014-05-28 17:51:02,399 Trac[authz_policy] DEBUG: Checking WIKI_VIEW on wiki:WikiStart@* 2014-05-28 17:51:02,403 Trac[perm] DEBUG: No policy allowed anonymous performing WIKI_VIEW on }}} I had been careless when revoking account access for a large number of users and accidentally revoked permissions for this user. Here are some sanitized details on my AccountManagerPlugin 0.5dev-r13806 configuration: {{{#!ini [account-manager] account_changes_notify_addresses = allow_delete_account = false force_passwd_change = true group_file = hash_method = HtPasswdHashMethod htpasswd_file = htpasswd_hash_type = crypt login_attempt_max_count = 0 notify_actions = new,change,delete password_file = password_store = HtPasswdStore persistent_sessions = False refresh_passwd = False verify_email = true }}} How about displaying a message to a user after login?: //Account access has been revoked. Please contact your administrator.//" enhancement closed normal AccountManagerPlugin normal fixed