On Wed, Jul 10, 2013 at 8:38 AM, Olemis Lang <[email protected]> wrote:
> On 7/10/13, Ryan Ollos <[email protected]> wrote: > > On Jul 9, 2013 10:10 PM, "Olemis Lang" <[email protected]> wrote: > >> > >> On 7/9/13, Ryan Ollos <[email protected]> wrote: > >> > On Tue, Jul 9, 2013 at 2:57 PM, John Oliver > >> > <[email protected]>wrote: > >> > > >> [...] > >> > > >> > This led to a suggestion from him that we might consider, that the > > message > >> > presented in the browser include information about needing to run the > >> > activate script. We might be able to help the user in an even simpler > > way > >> > though, by providing the full path to `trac-admin` in the message. > >> > > >> > Rather than, The Trac Environment needs to be upgraded. Run > "trac-admin > >> > > > > /home/foo/bloodhound/apache-bloodhound-0.5.3/installer/bloodhound/environments/main > >> > upgrade") > >> > > >> > the message could be: The Trac Environment needs to be upgraded. Run > >> > "/home/foo/bloodhound/bh/bin/trac-admin > >> > > > > /home/foo/bloodhound/apache-bloodhound-0.5.3/installer/bloodhound/environments/main > >> > upgrade") > >> > > >> > This change should probably be made in the Trac core. > >> > > >> > >> IMO, in the general case this will reveal server paths to users, which > >> are not in a position to do anything about that . I'm not sure of how > >> much beneficial it will be in practice. Indeed I'm of the opinion that > >> such messages are only effective for trac admins. It'd be very nice to > >> determine whether target user is granted with TRAC_ADMIN permission > >> and only then show such a message. Regular users might only see a HTTP > >> 503 ''Service unavailable'' response with body «Under maintenance» , > >> or alike. > >> > >> -- > >> Regards, > >> > >> Olemis. > > > > Yeah that makes sense. In regards to revealing the path, this crossed my > > mind, but since the path to the env directory is revealed it didn't seem > > any worse to reveal the path to trac-admin. > > Yes , you are right . I've been uncomfortable too with path to env > visible for users. > > > Your idea to hide them both > > from regular users sounds even better though. > > > > ;) > > > I also haven't looked into whether the path to trac-admin is readily > > available where the upgrade message is generated, in order to make > showing > > the full path feasible. > > > > AFAICR, in the test suite path to trac* cli tools is identified > considering sys.executable . Is it enough ? > Thanks for the hint, I will keep it in mind if/when I finally get to working on this issue. I opened a ticket to summarize the discussion that took place in this thread. Please add to it if you see fit: https://issues.apache.org/bloodhound/ticket/589 Thank you for the ideas and good discussion on the matter!
