On 8/4/2010 9:59 AM, HeX wrote:
Remy,
On 3 Aug, 18:26, Remy Blank<remy.bl...@pobox.com> wrote:
So in your case: don't specify any of BROWSER_VIEW, FILE_VIEW,
CHANGESET_VIEW and LOG_VIEW in the "global" permissions ("trac-admin
permission" or the "Permissions" admin panel), configure your SVN authz
file to restrict access to SVN, and pass the file to Trac in [trac]
authz_file. Trac will then enforce the same restrictions as SVN.
This is exactly the setup I have and what I'm on about because exactly
THIS DOES NOT WORK in 0.12 any more.
Before you could specify BROWSER_VIEW, etc in the global permissions
and then Trac would look into the authz_file to check which
directories the user can enter/view. Now giving any group
BROWSER_VIEW, etc., in the global permissions will give the respective
group *global* BROWSER_VIEW no matter what the authz_file states.
On the other hand, denying, e.g., anonymous, BROWSER_VIEW will lead to
anonymous not being able to browse the source AT ALL. No matter what
authz_file says (the authz_file is, again, simply ignored by Trac
0.12) Trac wouldn't know that anonymous users should get the "Browse
Source" button or be able to access foo/Browser.
Do you see where the problem is?
Isn't that simply a problem with the ordering of policies?
What is your "[trac] permission_policies" setting?
Does it help to put AuthzSourcePolicy first?
-- Christian
--
You received this message because you are subscribed to the Google Groups "Trac
Development" group.
To post to this group, send email to trac-...@googlegroups.com.
To unsubscribe from this group, send email to
trac-dev+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/trac-dev?hl=en.
