Opened 8 years ago

Closed 8 years ago

Last modified 8 years ago

#3582 closed defect (invalid)

IncludeMacro shows pages with no permissions

Reported by: petr.odut@… Owned by: coderanger
Priority: normal Component: IncludeMacro
Severity: critical Keywords:
Cc: Trac Release: 0.11


With AuthzPolicy permission policy, I have set:

NotLogged@*? authenticated = anonymous = WIKI_VIEW

which causes to see page NotLogged only for anonymous users. But If I use IncludeMacro to include into other page, it does not respect the settings and use DefaultPermissionPolicy instead.

Attachments (0)

Change History (3)

comment:1 Changed 8 years ago by anonymous

this is the part of authzpolicy.conf file:

authenticated =
anonymous = WIKI_VIEW

comment:2 Changed 8 years ago by coderanger

  • Resolution set to invalid
  • Status changed from new to closed

Permissions do not work that way. You cannot revoke permissions from lower down in the inheritance chain. All users are members of the anonymous group.

comment:3 Changed 8 years ago by petr.odut@…

I have tested this, so I know, it works like that! Nevertheless IncludeMacro ignores completely Authz permission policy, which is bad :-(

Add Comment

Modify Ticket

as closed The owner will remain coderanger.
The resolution will be deleted. Next status will be 'reopened'.

E-mail address and user name can be saved in the Preferences.

Note: See TracTickets for help on using tickets.