HeX wrote: > But anonymous user with BROWSER_VIEW will be able to browse "projects:/ > bar" none the less. :(
Of course, if you give anonymous BROWSER_VIEW, he will be able to browse files :) You should remove BROWSER_VIEW (and also CHANGESET_VIEW, FILE_VIEW and LOG_VIEW) from all users (including anonymous), as that overrides the fine-grained permissions. The permissions are now granted by the authz system directly. This indeed seems to be a difference in behavior from 0.11. We should probably document that. Actually, TracFineGrainedPermissions still mentions the old system, so we should rewrite the whole section. -- Remy
signature.asc
Description: OpenPGP digital signature
