Opened 5 years ago

Last modified 5 years ago

#6806 new defect

anonymous user can't view unprotected image file without PROTECTED_VIEW permission

Reported by: scarabx@…
Owned by: frayja
Priority: normal
Component: ProtectedMacro
Severity: major
Keywords:
Cc:
Trac Release: 0.11

Description

On Trac 0.11.7, an anonymous user cannot view images linked to a file in the repository. I only got it working by giving the anonymous user the PROTECTED_VIEW permission, but this defeats the purpose of having protected sections.

My wiki markup is below:

= Overview =
[[Image(source:/docs/design/collage.jpg, link=, alt="", title="")]]
[[BR]]
Some Description

[[BR]]
= Development =
{{{
#!protected
 * [wiki:TheIdea The Idea]
}}}
 * [query:status=new|assigned|reopened Active Tickets]

Change History (2)

comment:1 follow-up: Changed 5 years ago by anonymous

So you are saying that the image (code below) is not shown when the viewing user does not have the PROTECTED_VIEW permission? Even though the [[IMAGE...]] is outside the protected section?

[[Image(source:/docs/design/collage.jpg, link=, alt="", title="")]]

Can you check the same thing with an image directly from disk? For both a protected and a non-protected section. For example: put a file (image.jpg) in the trac/htdocs directory and try the following:

[[Image(//image.jpg)]]

comment:2 in reply to: ↑ 1 Changed 5 years ago by anonymous

Yup, you understood correctly. When I try with an image from disk it works for both protected and unprotected! Sample below:

[[Image(htdocs:image.jpg)]]



Replying to anonymous:

So you are saying that the image (code below) is not shown when the viewing user does not have the PROTECTED_VIEW permission? Even though the [[IMAGE...]] is outside the protected section?

[[Image(source:/docs/design/collage.jpg, link=, alt="", title="")]]

Can you check the same thing with an image directly from disk? For both a protected and a non-protected section. For example: put a file (image.jpg) in the trac/htdocs directory and try the following:

[[Image(//image.jpg)]]
