Modify

Opened 5 years ago

Closed 4 years ago

#6278 closed defect (duplicate)

improper handling of groups

Reported by: csalgau-th@… Owned by: coderanger
Priority: normal Component: PrivateTicketsPlugin
Severity: normal Keywords:
Cc: Trac Release: 0.11

Description

Unless I incorrectly understand Trac permission management, a permission action is restricted to uppercase only, while a permission group is forced to not be uppercase only.
This means you can have a group called TICKET_modify and give it TICKET_MODIFY rights.
The current revision of PrivateTicketsPlugin incorrectly considers groups as lowercase. revision 3760, line 125:
if subject in groups and action.islower() and action not in groups:
tests if the current action is lowercase, which excludes groups containing uppercase characters

Attachments (1)

policy.patch (710 bytes) - added by csalgau-th@… 5 years ago.
proposed fix. winmerge diff

Download all attachments as: .zip

Change History (3)

Changed 5 years ago by csalgau-th@…

proposed fix. winmerge diff

comment:1 Changed 4 years ago by rjollos

comment:2 Changed 4 years ago by rjollos

  • Resolution set to duplicate
  • Status changed from new to closed

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.