Context Navigation

Modify ↓

#6343 closed defect (worksforme)

I can't protect from removing attachments files

Reported by:	anonymous	Owned by:	osimons
Priority:	high	Component:	FullBlogPlugin
Severity:	critical	Keywords:
Cc:	maxwellfarias@…	Trac Release:	0.11

Description

Dear,

The BLOG_VIEW permission doesn't protect from removing attachments files. Is this a bug or a configuration issue?

Attachments (0)

Change History (2)

comment:1 Changed 15 years ago by anonymous

Cc:	maxwellfarias@… added; anonymous removed

comment:2 Changed 15 years ago by osimons

Resolution:	→ worksforme
Status:	new → closed

Configuration, I'd say. On my setup, a user with only BLOG_VIEW is allowed to see posts and attachments, but no more. The user won't be able to delete attachments (or upload new ones).

I'd check Permissions, and suspect the user has some other blog-related permissions as well (more than just viewing). Or perhaps you've installed some custom security policy plugin or similar that change default behaviour? Default policies looks like this:

[trac]
permission_policies = DefaultPermissionPolicy, LegacyAttachmentPolicy

Modify Ticket

Change Properties

Summary:
Type:	Priority:
Component:	Severity:
Keywords:	Cc:	Set your email in Preferences
Trac Release:

Action

leave as closed The owner will remain osimons.

reopen The resolution will be deleted. Next status will be 'reopened'.

Add Comment

Your email or username:

E-mail address and name can be saved in the Preferences.

You may use WikiFormatting here.

Attachments ↑ Description ↑

Note: See TracTickets for help on using tickets.

Download in other formats: