Modify

Opened 6 years ago

Closed 2 years ago

#3479 closed defect (duplicate)

ignores user privileges settings

Reported by: anonymous Owned by: coderanger
Priority: normal Component: IncludeMacro
Severity: major Keywords:
Cc: Trac Release: 0.11

Description

The macro allows a user with no WIKI_VIEW privileges to some page to include the page in an other page and thus gaining access to it, e.g. putting [[Include(wiki:SomeRestrictedPage)]] in wiki:PubliclyAvailablePage? gives everyone reading access to SomeRestrictedPage.

I am using Trac 0.11b2.

Attachments (0)

Change History (2)

comment:1 Changed 6 years ago by anonymous

  • Trac Release changed from 0.10 to 0.11

comment:2 Changed 2 years ago by rjollos

  • Resolution set to duplicate
  • Status changed from new to closed

The WIKI_VIEW permission is checked and this has been the case since the macro was initially released.

I'm guessing you must be referring to a fine-grained permissions issue, which should be fixed on the trunk as of #9931. I'm closing this as a duplicate since the issue was presumably resolved in #9931. Please reopen if you have additional information.

Add Comment

Modify Ticket

Action
as closed .
as The resolution will be set. Next status will be 'closed'.
to The owner will be changed from coderanger. Next status will be 'closed'.
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.