improper handling of groups
|Reported by:||csalgau-th@…||Owned by:||coderanger|
Unless I incorrectly understand Trac permission management, a permission action is restricted to uppercase only, while a permission group is forced to not be uppercase only.
This means you can have a group called TICKET_modify and give it TICKET_MODIFY rights.
The current revision of PrivateTicketsPlugin incorrectly considers groups as lowercase. revision 3760, line 125:
if subject in groups and action.islower() and action not in groups:
tests if the current action is lowercase, which excludes groups containing uppercase characters