Modify

Opened 8 years ago

Closed 6 years ago

#5444 closed defect (duplicate)

anonymous user can see all private wikis

Reported by: anonymous Owned by: Eric Hodges
Priority: high Component: PrivateWikiPlugin
Severity: major Keywords:
Cc: Trac Release: 0.11

Description

Hi,

I'm appriciate privatewikiplugin. However I have odd spec and report you. in api.py:

25    def check_permission(self, action, username, resource, perm):
26	if username == 'anonymous' or resource is None or resource.id is None:
27		return None

anonymous user can access all private wiki. IMO, you don't give permisson anonymous user to access private wiki.

regards,

Takashi Okamoto

Attachments (0)

Change History (1)

comment:1 Changed 6 years ago by Nathan Lewis

Resolution: duplicate
Status: newclosed

Duplicate: See ticket:3194 Comment 13

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain Eric Hodges.
The resolution will be deleted.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.