Modify

Opened 6 years ago

Closed 3 years ago

#5444 closed defect (duplicate)

anonymous user can see all private wikis

Reported by: anonymous Owned by: eric256
Priority: high Component: PrivateWikiPlugin
Severity: major Keywords:
Cc: Trac Release: 0.11

Description

Hi,

I'm appriciate privatewikiplugin. However I have odd spec and report you. in api.py:

25    def check_permission(self, action, username, resource, perm):
26	if username == 'anonymous' or resource is None or resource.id is None:
27		return None

anonymous user can access all private wiki. IMO, you don't give permisson anonymous user to access private wiki.

regards,

Takashi Okamoto

Attachments (0)

Change History (1)

comment:1 Changed 3 years ago by natewlew

  • Resolution set to duplicate
  • Status changed from new to closed

Duplicate: See ticket:3194 Comment 13

Add Comment

Modify Ticket

Action
as closed The owner will remain eric256.
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.