Opened 16 years ago
Closed 12 years ago
#3538 closed defect (duplicate)
Plugin works correctly for logged-in users, but anonymous user (not logged in) can access the private page
| Reported by: | Owned by: | Eric Hodges | |
|---|---|---|---|
| Priority: | normal | Component: | PrivateWikiPlugin |
| Severity: | major | Keywords: | anonymous |
| Cc: | Trac Release: | 0.11 |
Description
Plugin works correctly for logged-in users, but anonymous user (not logged in) can access the private page. Using Trac 0.11. Maybe I missed a setting, but it is not apparent. For now I revoked WIKI_VIEW permission from the anonymous group. If it is solely my omission in the setup and not a bug, I apologize; but please let me know what the fix is.
Regards,
Piotr
Attachments (0)
Change History (6)
comment:1 Changed 16 years ago by
| Trac Release: | 0.10 → 0.11 |
|---|
comment:2 Changed 16 years ago by
| Keywords: | anonymous added |
|---|
Same problem here. Using Trac 0.11. Disabling WIKI_VIEW from the anonymous group is not a such a good option as TRAC is normally includes a public section.
comment:3 Changed 15 years ago by
| Severity: | normal → major |
|---|
It's the same for me !
Trac 0.11.1, and unlogged user can see everything !
comment:4 Changed 15 years ago by
I think I've fixed the bug locally by changing this line in api.py from:
if username == 'anonymous' or resource is None or resource.id is None:
to
if resource is None or resource.id is None:
I haven't tested all cases, but my configuration (where anonymous has WIKI_VIEW and authenticated has PRIVATE_VIEW_ALL) works as expected.
comment:5 Changed 15 years ago by
The fix in the last post worked perfectly for me on Trac 0.11.5. That was a pretty annoying bug, thanks for the fix!
comment:6 Changed 12 years ago by
| Resolution: | → duplicate |
|---|---|
| Status: | new → closed |
Duplicate: See ticket:3194
I got same error using Trac 0.11.