Modify

Opened 5 years ago

Closed 3 years ago

#5444 closed defect (duplicate)

anonymous user can see all private wikis

Reported by: anonymous Owned by: eric256
Priority: high Component: PrivateWikiPlugin
Severity: major Keywords:
Cc: Trac Release: 0.11

Description

Hi,

I'm appriciate privatewikiplugin. However I have odd spec and report you.
in api.py:

25    def check_permission(self, action, username, resource, perm):
26	if username == 'anonymous' or resource is None or resource.id is None:
27		return None

anonymous user can access all private wiki. IMO, you don't give permisson anonymous user to access private wiki.

regards,

Takashi Okamoto

Attachments (0)

Change History (1)

comment:1 Changed 3 years ago by natewlew

  • Resolution set to duplicate
  • Status changed from new to closed

Duplicate: See ticket:3194 Comment 13

Add Comment

Modify Ticket

Action
as closed .
as The resolution will be set. Next status will be 'closed'.
to The owner will be changed from eric256. Next status will be 'closed'.
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.