On 8/4/2010 11:12 AM, HeX wrote:
On 4 Aug, 10:57, Remy Blank<remy.bl...@pobox.com> wrote:
HeX wrote:
* Following your advice given in
http://trac.edgewall.org/wiki/TracUpgrade#Auhtzpermissionchecking
will remove the "Browse Source" button for anonymous users. Making it
a bit hard to find the source ;)
No, should be able to control access to the source for anonymous in your
authz file, like any other user.
I guess then there is a bug. I've now removed the global permissions
as suggested in
http://trac.edgewall.org/wiki/TracUpgrade#Auhtzpermissionchecking with
the result that anonymous users will NOT see the "Browse Source"
button but authenticated will. Mind if I enter the correct browse URL
as anonymous I will be able to access the non restricted part of the
repo. So AuthzSourcePolicy works but just does not unhide the "Browse
Source" button for anonymous users.
If you agree I can file this as a bug.
If you use the AuthzSourcePolicy *first*(well, SvnAuthzSourcePolicy
would probably have been a less confusing name - even if there's no
source dependency to svn, the permission model it implements is the one
of svn), *then* give BROWSER_VIEW to anonymous with the default,
coarse-grained permission, then the Browse Repository button should be
visible... yet the access to non-authorized parts of the repositories
should still be properly denied (untested though, but that's how it
should work).
-- Christian
--
You received this message because you are subscribed to the Google Groups "Trac
Development" group.
To post to this group, send email to trac-...@googlegroups.com.
To unsubscribe from this group, send email to
trac-dev+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/trac-dev?hl=en.
