Opened 9 years ago

Closed 9 years ago

Last modified 9 years ago

#3582 closed defect (invalid)

IncludeMacro shows pages with no permissions

Reported by: petr.odut@… Owned by: Noah Kantrowitz
Priority: normal Component: IncludeMacro
Severity: critical Keywords:
Cc: Trac Release: 0.11


With AuthzPolicy permission policy, I have set:

NotLogged@*? authenticated = anonymous = WIKI_VIEW

which causes to see page NotLogged only for anonymous users. But If I use IncludeMacro to include into other page, it does not respect the settings and use DefaultPermissionPolicy instead.

Attachments (0)

Change History (3)

comment:1 Changed 9 years ago by anonymous

this is the part of authzpolicy.conf file:

authenticated =
anonymous = WIKI_VIEW

comment:2 Changed 9 years ago by Noah Kantrowitz

Resolution: invalid
Status: newclosed

Permissions do not work that way. You cannot revoke permissions from lower down in the inheritance chain. All users are members of the anonymous group.

comment:3 Changed 9 years ago by petr.odut@…

I have tested this, so I know, it works like that! Nevertheless IncludeMacro ignores completely Authz permission policy, which is bad :-(

Modify Ticket

Change Properties
Set your email in Preferences
as closed The owner will remain Noah Kantrowitz.
The resolution will be deleted.

Add Comment

E-mail address and name can be saved in the Preferences.

Note: See TracTickets for help on using tickets.