Modify

Opened 6 years ago

Closed 2 years ago

#3479 closed defect (duplicate)

ignores user privileges settings

Reported by: anonymous Owned by: coderanger
Priority: normal Component: IncludeMacro
Severity: major Keywords:
Cc: Trac Release: 0.11

Description

The macro allows a user with no WIKI_VIEW privileges to some page to include the page in an other page and thus gaining access to it, e.g. putting [[Include(wiki:SomeRestrictedPage)]] in wiki:PubliclyAvailablePage? gives everyone reading access to SomeRestrictedPage.

I am using Trac 0.11b2.

Attachments (0)

Change History (2)

comment:1 Changed 6 years ago by anonymous

  • Trac Release changed from 0.10 to 0.11

comment:2 Changed 2 years ago by rjollos

  • Resolution set to duplicate
  • Status changed from new to closed

The WIKI_VIEW permission is checked and this has been the case since the macro was initially released.

I'm guessing you must be referring to a fine-grained permissions issue, which should be fixed on the trunk as of #9931. I'm closing this as a duplicate since the issue was presumably resolved in #9931. Please reopen if you have additional information.

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.