[Patch] /worklog is reachable without WORK_VIEW permission
|Reported by:||svrki@…||Owned by:||coling|
when i try to reach url http://mydomain/mytrac/worklog, it is acessible without previous login. for all other urls i need to login first (which is what i want).
there are no permissions set up for anonymous users, only logged in users have privileges to display content of my trac.
i have temporarily blocked this by modifying apache config, but i guess this is a bug and needs to be fixed or documented.
Change History (4)
comment:1 Changed 4 years ago by rjollos
- Summary changed from url to worklog is reachable without previous login to [Patch] /worklog is reachable without WORK_VIEW permission