Modify ↓
Opened 9 years ago
Closed 8 years ago
#12717 closed defect (worksforme)
Timeline shows diffs for wiki pages you can't see
Reported by: | Owned by: | Nathan Lewis | |
---|---|---|---|
Priority: | high | Component: | PrivateWikiPlugin |
Severity: | major | Keywords: | |
Cc: | Trac Release: | 1.0 |
Description
If a user lacks permission to see a given wiki page, s/he can still see changes to those pages in the Timeline, including drilling down to the diffs, showing what was edited. So, I think all users with TIMELINE_VIEW permission then get access to the content of all wiki pages.
This seems like a pretty major issue that prevents this plugin from being useful for access restriction.
Attachments (0)
Note: See
TracTickets for help on using
tickets.
Plugin works correctly and prevents viewing wiki changes from the timeline in the latest version. I'm unsure if it worked incorrectly in earlier versions.