Modify ↓
Opened 16 years ago
Closed 13 years ago
#5444 closed defect (duplicate)
anonymous user can see all private wikis
Reported by: | anonymous | Owned by: | Eric Hodges |
---|---|---|---|
Priority: | high | Component: | PrivateWikiPlugin |
Severity: | major | Keywords: | |
Cc: | Trac Release: | 0.11 |
Description
Hi,
I'm appriciate privatewikiplugin. However I have odd spec and report you. in api.py:
25 def check_permission(self, action, username, resource, perm): 26 if username == 'anonymous' or resource is None or resource.id is None: 27 return None
anonymous user can access all private wiki. IMO, you don't give permisson anonymous user to access private wiki.
regards,
Takashi Okamoto
Attachments (0)
Note: See
TracTickets for help on using
tickets.
Duplicate: See ticket:3194 Comment 13