[Patch] Only show prefs/announcer if user has WIKI_VIEW permission

[Robert Horvath]

This plugin discards user permissions, so it is possible to leak wiki changes even if 'anonymous' has no WIKI_VIEW permission.

Attached patches prevents this kind of information leak, by disabling the pref/announcer page. First experience with python, don't really know how to fix it in the email distributer.

[Robert Horvath]

Simple solution. Only show prefs/announcer for those with WIKI_VIEW permission.

[Robert Horvath]

Finer control: allow settings if user lacks WIKI_VIEW but has TICKET_VIEW.

[anonymous]

Please move this to GeneralWikiSubscriber. You've hid the pref box, which is nice, but a user can still hand craft a POST. Also, if the user's permissions are changed, they will still receive email. It's better to add the check to the subscriptions method. Checking the users perms is a little tricky and could introduce performance problems. You should still hide the pref box to avoid confusion, but do it in get_announcement_preference_boxes.

[Robert Corsaro]

I've added a patch, but there is still a vulnerability. If the user loses WIKI_VIEW, but they where watching a wikipage prior to losing it, then they will still receive updates. We really need to do the check before returning the subscription in subscriptions(). Same goes for tickets.

[Robert Corsaro]

r8982 - Don't display wiki prefs unless user has perm

[Robert Corsaro]

I suggest upgrading to trunk to get the best security options. I have implemented a permissions filter that is run as a final step before sending emails. Trunk still needs some polish, but I think it is usable and I should have it polished soon.