Modify

Opened 5 years ago

Closed 5 years ago

#4997 closed defect (fixed)

Trac user permission problem when downloading file

Reported by: ilmars Owned by: Blackhex
Priority: normal Component: DownloadsPlugin
Severity: normal Keywords:
Cc: Trac Release: 0.11

Description

I'm using the very latest SVN version of Download plugin. I'm using Trac 0.11.

I gave DOWNLOAD_VIEW permission to all authenticated users (tested with individual permission assignment too), they see Download tab, they see list of files, but when they click on any file they got permission error about inssuficient privilegies. I tried to give them event DOWNLOAD_ADMIN rights, but it didn't help either. They were able to download files only when I assigned TRAC_ADMIN privilegies to them directly or via some group.

Attachments (0)

Change History (5)

comment:1 Changed 5 years ago by Blackhex

  • Status changed from new to assigned

I can't evoke this with Trac 0.11.2 and 0.11 branch of this plugin. Could you describe more your configuration (server frontent, client, etc.) and even better do you have debug log from the event?

comment:2 Changed 5 years ago by ilmars

Here is excerpt from log file in DEBUG mode

2009-04-29 11:28:26,685 Trac[main] DEBUG: Dispatching <Request "GET u'/downloads/3'">
2009-04-29 11:28:26,700 Trac[graphviz] INFO: version: 0.7.2 - id: $Id: graphviz.py 4478 2008-10-13 16:24:45Z cboos $
2009-04-29 11:28:26,715 Trac[web_ui] DEBUG: Revtree RE: ^(?P<branch>[^/]+/(?:(?:tags|branches)/[^/]+|trunk))(?:/(?P<path>.*))?$
2009-04-29 11:28:26,819 Trac[api] DEBUG: action controllers for ticket workflow: ['ConfigurableTicketWorkflow']
2009-04-29 11:28:26,880 Trac[svn_fs] DEBUG: Subversion bindings imported
2009-04-29 11:28:26,886 Trac[api] DEBUG: context: <Context <Resource 'downloads-core'>> page: None action: get-file
2009-04-29 11:28:26,886 Trac[api] DEBUG: modes: ['get-file']
2009-04-29 11:28:26,886 Trac[api] DEBUG: SELECT id, file, description, size, time, count, author, tags, component, version, architecture, platform, type FROM download WHERE id = 3
2009-04-29 11:28:26,887 Trac[api] DEBUG: path: /var/lib/trac/semti/downloads/3/annotator-r432.zip
2009-04-29 11:28:26,887 Trac[api] DEBUG: UPDATE download SET count = 1 WHERE id = 3
2009-04-29 11:28:26,913 Trac[perm] DEBUG: No policy allowed autobuild performing WIKI_ADMIN on <Resource u'downloads:3'>
2009-04-29 11:28:26,913 Trac[chrome] DEBUG: Prepare chrome data for request
2009-04-29 11:28:26,969 Trac[perm] DEBUG: No policy allowed autobuild performing DISCUSSION_ADMIN on None
2009-04-29 11:28:26,969 Trac[perm] DEBUG: No policy allowed autobuild performing TRAC_ADMIN on None
2009-04-29 11:28:26,970 Trac[perm] DEBUG: No policy allowed autobuild performing PERMISSION_GRANT on None
2009-04-29 11:28:26,970 Trac[perm] DEBUG: No policy allowed autobuild performing PERMISSION_REVOKE on None
2009-04-29 11:28:26,970 Trac[perm] DEBUG: No policy allowed autobuild performing BLOG_ADMIN on <Resource 'blog'>
2009-04-29 11:28:26,970 Trac[perm] DEBUG: No policy allowed autobuild performing TICKET_ADMIN on None
2009-04-29 11:28:26,971 Trac[perm] DEBUG: No policy allowed autobuild performing MILESTONE_MODIFY on <Resource 'ticket'>
2009-04-29 11:28:26,971 Trac[perm] DEBUG: No policy allowed autobuild performing TICKET_ADMIN on <Resource 'ticket'>
2009-04-29 11:28:26,971 Trac[perm] DEBUG: No policy allowed autobuild performing WIKI_RENAME on <Resource 'wiki'>
2009-04-29 11:28:26,971 Trac[perm] DEBUG: No policy allowed autobuild performing WIKI_ADMIN on <Resource 'wiki'>
2009-04-29 11:28:26,972 Trac[perm] DEBUG: No policy allowed autobuild performing SITEUPLOAD_MANAGE on None
2009-04-29 11:28:26,972 Trac[perm] DEBUG: No policy allowed autobuild performing SITEUPLOAD_UPLOAD on None
2009-04-29 11:28:26,972 Trac[perm] DEBUG: No policy allowed autobuild performing DOWNLOADS_ADMIN on None
2009-04-29 11:28:26,979 Trac[main] WARNING: 403 Forbidden (Insufficient privileges to perform this operation.)
2009-04-29 11:28:27,092 Trac[perm] DEBUG: No policy allowed autobuild performing EMAIL_VIEW on None
2009-04-29 11:28:27,129 Trac[session] DEBUG: Retrieving session for ID u'autobuild'
2009-04-29 11:28:27,324 Trac[main] DEBUG: 21849 unreachable objects found.

I have quite many plugins installed. Maybe some of them interferes with DownloadsPlugin?

My system info:

Trac:  	0.11 (0.11-2, current version in Ubuntu 8.10)
Python: 	2.5.2 (r252:60911, Oct 5 2008, 19:49:54) [GCC 4.3.2]
setuptools: 	0.6c9
SQLite: 	3.5.9
pysqlite: 	2.4.1
Genshi: 	0.5
mod_python: 	3.3.1
Pygments: 	0.10
Subversion: 	1.5.1 (r32289)
jQuery:	1.2.3

comment:3 Changed 5 years ago by Blackhex

Do you have TagsPlugin installed? If so, try to assing TAGS_MODIFY to authenticated user if it helps. If it's not installed check if DownloadsTags component is disabled. Did you check if file has proper permission on filesystem?

comment:4 Changed 5 years ago by ilmars

Yes, I have TagsPlugin installed, all authenicated users have TAGS_VIEW and TAGS_MODIFY permissions assigned. File system permissions was ok. Users with TRAC_ADMIN permissions were able to download files successfully.

After I disabled DownloadsTags component, everything started to work as I expected. No more permission errors even for simple users. Should DownloadsTagProvider also be disabled?

I'm using WebAdmin in Trac to enable and disable plugings and components. I just enabled all components for DownloadsPlugin, which included DownloadsTagProvider and DownloadsTags, without noticing, that in DownloadsPlugin wiki page those components are not present in ini file description. Maybe you could add warning that those components must be disabled, if TagsPlugin is already enabled in Trac?

comment:5 Changed 5 years ago by Blackhex

  • Resolution set to fixed
  • Status changed from assigned to closed

Ah great, that information helped me realize that I had not actually TagsPlugin installed when I tried to evoke this bug. :-), sorry. There was a copy-and-paste mistake in DownloadsTagsProvider component. Users had to have WIKI_MODIFY permision to modify download tags and there was need to update tags even when only download count has changed. Changeset r5646 fixes that.

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.