BlogDraftPlugin fails to save if author doesn't fit username

[bitelxux@…]

In the case that username doesn't fit author, the draft post can not be saved.

For example, if the username is bitelxux and the author is Bitelxux it will not be saved.

Should it be an acceptable fix to compare "lower" values ?

fullblogplugin/0.11/sample-plugins/BlogDraftPlugin.py

@@ -51 +51 @@
         if resource.realm == 'blog' and resource.id:
             the_post = BlogPost(self.env, resource.id, resource.version)
             for category in the_post.category_list:
-                if category in self.draft and the_post.author != username:
+                if category in self.draft and the_post.author.lower() != username.lower():
                     # Block all access regardless
                     return False
 
@@ -64 +64 @@
             if category in self.draft:
                 if req.authname == 'anonymous':
                     return [(None, 'You need to be logged in to save as draft.')]
-                elif req.authname != fields['author']:
+                elif req.authname.lower() != fields['author'].lower():
                     return [(None, "Cannot save draft for an author that isn't you.")]
         return []

[osimons]

Perhaps it is, at least if [trac] ignore_auth_case = true which should indicate that the case of usernames should be ignored on this installation. Add an extra conditional and only lowercase if this is enabled?

If the setting is enabled, you obviously don't need to do username.lower() as this should already be done – only lowercase the author.

[bitelxux@…]

Sounds good.

[osimons]

Does this patch work for you for both permission check and validation?

sample-plugins/BlogDraftPlugin.py

@@ -50 +50 @@
             return
         if resource.realm == 'blog' and resource.id:
             the_post = BlogPost(self.env, resource.id, resource.version)
+            author = self.config.getbool('trac', 'ignore_auth_case') \
+                          and the_post.author.lower() or the_post.author
             for category in the_post.category_list:
-                if category in self.draft and the_post.author != username:
+                if category in self.draft and author != username:
                     # Block all access regardless
                     return False
 
@@ -60 +62 @@
     def validate_blog_post(self, req, postname, version, fields):
         """ If the post is a draft, just do some rudimentary checking to
         make sure the author does not shoot him/herself in the foot. """
+        author = self.config.getbool('trac', 'ignore_auth_case') \
+                      and fields['author'].lower() or fields['author']
         for category in _parse_categories(fields['categories']):
             if category in self.draft:
                 if req.authname == 'anonymous':
                     return [(None, 'You need to be logged in to save as draft.')]
-                elif req.authname != fields['author']:
+                elif req.authname != author:
                     return [(None, "Cannot save draft for an author that isn't you.")]
         return []

[bitelxux@…]

Replying to osimons:

Does this patch work for you for both permission check and validation?

Confirmed. It works

[osimons]

In 15944:

FullBlogPlugin: Fix for draft usename vs author case issue. Closes #12924.

[anonymous]

Replying to osimons:

In 15944:

FullBlogPlugin: Fix for draft usename vs author case issue. Closes #12924.

Brilliant :-)