Ticket #6278 (closed defect: duplicate)

Opened 3 years ago

Last modified 2 years ago

improper handling of groups

Reported by: csalgau-th@bitdefender.com Assigned to: coderanger
Priority: normal Component: PrivateTicketsPlugin
Severity: normal Keywords:
Cc: Trac Release: 0.11

Description

Unless I incorrectly understand Trac permission management, a permission action is restricted to uppercase only, while a permission group is forced to not be uppercase only. This means you can have a group called TICKET_modify and give it TICKET_MODIFY rights. The current revision of PrivateTicketsPlugin incorrectly considers groups as lowercase. revision 3760, line 125: if subject in groups and action.islower() and action not in groups: tests if the current action is lowercase, which excludes groups containing uppercase characters

Attachments

policy.patch (0.7 kB) - added by csalgau-th@bitdefender.com on 12/01/09 06:55:22.
proposed fix. winmerge diff

Change History

12/01/09 06:55:22 changed by csalgau-th@bitdefender.com

  • attachment policy.patch added.

proposed fix. winmerge diff

12/04/10 01:18:26 changed by rjollos

Duplicate of #3222.

12/04/10 01:18:33 changed by rjollos

  • status changed from new to closed.
  • resolution set to duplicate.

Add/Change #6278 (improper handling of groups)




Change Properties
Action