Opened 6 years ago

Closed 3 years ago

#3538 closed defect (duplicate)

Plugin works correctly for logged-in users, but an anonymous user (not logged in) can access the private page

Reported by: piotr@…
Owned by: eric256
Priority: normal
Component: PrivateWikiPlugin
Severity: major
Keywords: anonymous
Cc:
Trac Release: 0.11

Description

Plugin works correctly for logged-in users, but an anonymous user (not logged in) can access the private page. Using Trac 0.11. Maybe I missed a setting, but it is not apparent. For now I revoked WIKI_VIEW permission from the anonymous group. If it is solely my omission in the setup and not a bug, I apologize; but please let me know what the fix is.

Regards,

Piotr

Attachments (0)

Change History (6)

comment:1 Changed 6 years ago by anonymous

  • Trac Release changed from 0.10 to 0.11

I got the same error using Trac 0.11.

comment:2 Changed 6 years ago by anonymous

  • Keywords anonymous added

Same problem here. Using Trac 0.11. Disabling WIKI_VIEW from the anonymous group is not such a good option, as TRAC normally includes a public section.

comment:3 Changed 6 years ago by guillaumeh

  • Severity changed from normal to major

It's the same for me!

Trac 0.11.1, and an unlogged user can see everything!

comment:4 Changed 6 years ago by anonymous

I think I've fixed the bug locally by changing this line in api.py from:

if username == 'anonymous' or resource is None or resource.id is None:

to

if resource is None or resource.id is None:

I haven't tested all cases, but my configuration (where anonymous has WIKI_VIEW and authenticated has PRIVATE_VIEW_ALL) works as expected.
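The guard change discussed in comment:4, as an added example that is not part of the ticket and not the plugin's api.py: a simplified model of a Trac permission-policy chain, where a policy returning None defers to the next policy. It assumes the guarded branch returns None, and the page names, the user alice and the private-page rule are constructed for illustration.

```python
# Simplified model of a Trac permission-policy chain (constructed example,
# not the PrivateWikiPlugin source).
from collections import namedtuple

Resource = namedtuple("Resource", "realm id")

# Constructed sample data: permissions per user and the set of private pages.
GRANTS = {"anonymous": {"WIKI_VIEW"},
          "alice": {"WIKI_VIEW", "PRIVATE_VIEW_ALL"}}
PRIVATE_PAGES = {"Private/Payroll"}


def private_policy(action, username, resource, skip_anonymous):
    """Return True/False to decide, or None to defer to the next policy."""
    if skip_anonymous and username == "anonymous":
        return None  # original guard: anonymous requests are never examined
    if resource is None or resource.id is None:
        return None
    if resource.realm == "wiki" and resource.id in PRIVATE_PAGES:
        return "PRIVATE_VIEW_ALL" in GRANTS.get(username, set())
    return None  # public page: let the default policy decide


def default_policy(action, username, resource):
    """Stand-in for the default policy: plain permission lookup."""
    return action in GRANTS.get(username, set())


def can_view(username, page, skip_anonymous):
    resource = Resource("wiki", page)
    decision = private_policy("WIKI_VIEW", username, resource, skip_anonymous)
    if decision is None:  # the first non-None answer in the chain wins
        decision = default_policy("WIKI_VIEW", username, resource)
    return decision


def access_matrix(skip_anonymous):
    """Decision for every (user, page) pair, for auditing a policy change."""
    pages = ["WikiStart", "Private/Payroll"]
    return {(u, p): can_view(u, p, skip_anonymous)
            for u in ("anonymous", "alice") for p in pages}


if __name__ == "__main__":
    for guard in (True, False):
        print("original guard" if guard else "patched guard")
        for key, allowed in sorted(access_matrix(guard).items()):
            print("  ", key, "->", "ALLOW" if allowed else "DENY")
```

Comparing the two matrices shows that only the (anonymous, private page) decision changes, so public pages stay readable without revoking WIKI_VIEW from anonymous.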

comment:5 Changed 5 years ago by anonymous

The fix in the last post worked perfectly for me on Trac 0.11.5. That was a pretty annoying bug, thanks for the fix!

comment:6 Changed 3 years ago by anonymous

  • Resolution set to duplicate
  • Status changed from new to closed

Duplicate: See ticket:3194
