Modify

Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#12924 closed defect (fixed)

BlogDraftPlugin fails to save if author doesn't fit username

Reported by: bitelxux@… Owned by: osimons
Priority: low Component: FullBlogPlugin
Severity: minor Keywords: blog draft
Cc: Trac Release: 1.0

Description

In the case that username doesn't fit author, the draft post can not be saved.

For example, if the username is bitelxux and the author is Bitelxux it will not be saved.

Should it be an acceptable fix to compare "lower" values ?

  • fullblogplugin/0.11/sample-plugins/BlogDraftPlugin.py

    old new  
    5151        if resource.realm == 'blog' and resource.id:
    5252            the_post = BlogPost(self.env, resource.id, resource.version)
    5353            for category in the_post.category_list:
    54                 if category in self.draft and the_post.author != username:
     54                if category in self.draft and the_post.author.lower() != username.lower():
    5555                    # Block all access regardless
    5656                    return False
    5757
     
    6464            if category in self.draft:
    6565                if req.authname == 'anonymous':
    6666                    return [(None, 'You need to be logged in to save as draft.')]
    67                 elif req.authname != fields['author']:
     67                elif req.authname.lower() != fields['author'].lower():
    6868                    return [(None, "Cannot save draft for an author that isn't you.")]
    6969        return []

Attachments (0)

Change History (6)

comment:1 Changed 5 years ago by osimons

Perhaps it is, at least if [trac] ignore_auth_case = true which should indicate that the case of usernames should be ignored on this installation. Add an extra conditional and only lowercase if this is enabled?

If the setting is enabled, you obviously don't need to do username.lower() as this should already be done – only lowercase the author.

comment:2 Changed 5 years ago by bitelxux@…

Sounds good.

comment:3 Changed 5 years ago by osimons

Does this patch work for you for both permission check and validation?

  • sample-plugins/BlogDraftPlugin.py

    a b class BlogDraftPlugin(Component): 
    5050            return
    5151        if resource.realm == 'blog' and resource.id:
    5252            the_post = BlogPost(self.env, resource.id, resource.version)
     53            author = self.config.getbool('trac', 'ignore_auth_case') \
     54                          and the_post.author.lower() or the_post.author
    5355            for category in the_post.category_list:
    54                 if category in self.draft and the_post.author != username:
     56                if category in self.draft and author != username:
    5557                    # Block all access regardless
    5658                    return False
    5759
    class BlogDraftPlugin(Component): 
    6062    def validate_blog_post(self, req, postname, version, fields):
    6163        """ If the post is a draft, just do some rudimentary checking to
    6264        make sure the author does not shoot him/herself in the foot. """
     65        author = self.config.getbool('trac', 'ignore_auth_case') \
     66                      and fields['author'].lower() or fields['author']
    6367        for category in _parse_categories(fields['categories']):
    6468            if category in self.draft:
    6569                if req.authname == 'anonymous':
    6670                    return [(None, 'You need to be logged in to save as draft.')]
    67                 elif req.authname != fields['author']:
     71                elif req.authname != author:
    6872                    return [(None, "Cannot save draft for an author that isn't you.")]
    6973        return []

comment:4 in reply to:  3 Changed 5 years ago by bitelxux@…

Replying to osimons:

Does this patch work for you for both permission check and validation?

Confirmed. It works

comment:5 Changed 5 years ago by osimons

Resolution: fixed
Status: newclosed

In 15944:

FullBlogPlugin: Fix for draft usename vs author case issue. Closes #12924.

comment:6 in reply to:  5 Changed 5 years ago by anonymous

Replying to osimons:

In 15944:

FullBlogPlugin: Fix for draft usename vs author case issue. Closes #12924.

Brilliant :-)

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain osimons.
The resolution will be deleted. Next status will be 'reopened'.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.