Opened 5 years ago

Closed 4 years ago

#6278 closed defect (duplicate)

improper handling of groups

Reported by: csalgau-th@… Owned by: coderanger
Priority: normal Component: PrivateTicketsPlugin
Severity: normal Keywords:
Cc: Trac Release: 0.11


Unless I incorrectly understand Trac permission management, a permission action is restricted to uppercase only, while a permission group is forced to not be uppercase only.
This means you can have a group called TICKET_modify and give it TICKET_MODIFY rights.
The current revision of PrivateTicketsPlugin incorrectly considers groups as lowercase. revision 3760, line 125:
if subject in groups and action.islower() and action not in groups:
tests if the current action is lowercase, which excludes groups containing uppercase characters

Attachments (1)

policy.patch (710 bytes) - added by csalgau-th@… 5 years ago.
proposed fix. winmerge diff

Download all attachments as: .zip

Change History (3)

Changed 5 years ago by csalgau-th@…

proposed fix. winmerge diff

comment:1 Changed 4 years ago by rjollos

comment:2 Changed 4 years ago by rjollos

  • Resolution set to duplicate
  • Status changed from new to closed

Add Comment

Modify Ticket

as closed .
as The resolution will be set. Next status will be 'closed'.
to The owner will be changed from coderanger. Next status will be 'closed'.
The resolution will be deleted. Next status will be 'reopened'.

E-mail address and user name can be saved in the Preferences.

Note: See TracTickets for help on using tickets.