[Trac-tickets] Re: [The Trac Project] #2790: trac-admin doesn't check permission names for validity.

The Trac Project Wed, 21 Jun 2006 03:32:49 -0700

#2790: trac-admin doesn't check permission names for validity.
-------------------------------+--------------------------------------------
 Reporter:  [EMAIL PROTECTED]  |        Owner:  jonas
     Type:  defect             |       Status:  new  
 Priority:  normal             |    Milestone:       
Component:  general            |      Version:  0.9.4
 Severity:  normal             |   Resolution:       
 Keywords:                     |  
-------------------------------+--------------------------------------------
Comment (by anonymous):


 I noticed that today. This can be very anoying, because you can invert
 user name and privilege, trac will accpet it silently.
 {{{
 sudo trac-admin . permission add WIKI_DELETE test
 }}}
 {{{
 ser         Action
 ----------------------------
 WIKI_DELETE  test
 anonymous    BROWSER_VIEW
 anonymous    CHANGESET_VIEW
 anonymous    FILE_VIEW
 anonymous    LOG_VIEW
 anonymous    MILESTONE_VIEW
 anonymous    REPORT_SQL_VIEW
 anonymous    REPORT_VIEW
 anonymous    ROADMAP_VIEW
 anonymous    SEARCH_VIEW
 anonymous    TICKET_CREATE
 anonymous    TICKET_MODIFY
 anonymous    TICKET_VIEW
 anonymous    TIMELINE_VIEW
 anonymous    WIKI_CREATE
 anonymous    WIKI_MODIFY
 anonymous    WIKI_VIEW
 }}}

-- 
Ticket URL: <http://projects.edgewall.com/trac/ticket/2790>
The Trac Project <http://trac.edgewall.com/>
_______________________________________________
Trac-Tickets mailing list
[email protected]
http://lists.edgewall.com/mailman/listinfo/trac-tickets

[Trac-tickets] Re: [The Trac Project] #2790: trac-admin doesn't check permission names for validity.

Reply via email to