Context Navigation

Modify ↓

#5444 closed defect (duplicate)

anonymous user can see all private wikis

Reported by:	anonymous	Owned by:	Eric Hodges
Priority:	high	Component:	PrivateWikiPlugin
Severity:	major	Keywords:
Cc:		Trac Release:	0.11

Description

Hi,

I'm appriciate privatewikiplugin. However I have odd spec and report you. in api.py:

25    def check_permission(self, action, username, resource, perm):
26	if username == 'anonymous' or resource is None or resource.id is None:
27		return None

anonymous user can access all private wiki. IMO, you don't give permisson anonymous user to access private wiki.

regards,

Takashi Okamoto

Attachments (0)

Change History (1)

comment:1 Changed 13 years ago by Nathan Lewis

Resolution:	→ duplicate
Status:	new → closed

Duplicate: See ticket:3194 Comment 13

Modify Ticket

Change Properties

Summary:
Type:	Priority:
Component:	Severity:
Keywords:	Cc:	Set your email in Preferences
Trac Release:

Action

leave as closed The owner will remain Eric Hodges.

reopen The resolution will be deleted. Next status will be 'reopened'.

Add Comment

Your email or username:

E-mail address and name can be saved in the Preferences.

You may use WikiFormatting here.

Attachments ↑ Description ↑

Note: See TracTickets for help on using tickets.

Download in other formats: