Modify

Opened 8 years ago

Closed 6 years ago

#5444 closed defect (duplicate)

anonymous user can see all private wikis

Reported by: anonymous Owned by: Eric Hodges
Priority: high Component: PrivateWikiPlugin
Severity: major Keywords:
Cc: Trac Release: 0.11

Description

Hi,

I'm appriciate privatewikiplugin. However I have odd spec and report you. in api.py:

25    def check_permission(self, action, username, resource, perm):
26	if username == 'anonymous' or resource is None or resource.id is None:
27		return None

anonymous user can access all private wiki. IMO, you don't give permisson anonymous user to access private wiki.

regards,

Takashi Okamoto

Attachments (0)

Change History (1)

comment:1 Changed 6 years ago by Nathan Lewis

Resolution: duplicate
Status: newclosed

Duplicate: See ticket:3194 Comment 13

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain Eric Hodges.
The resolution will be deleted. Next status will be 'reopened'.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.