#2790: trac-admin doesn't check permission names for validity.
-------------------------------+--------------------------------------------
Reporter: [EMAIL PROTECTED] | Owner: jonas
Type: defect | Status: new
Priority: normal | Milestone:
Component: general | Version: 0.9.4
Severity: normal | Resolution:
Keywords: |
-------------------------------+--------------------------------------------
Comment (by eblot):
Replying to [comment:1 anonymous]:
> I noticed that today. This can be very anoying, because you can invert
user name and privilege, trac will accpet it silently.
Permission are checked using the following rule:
* if permission is uppercase, permission is checked against the available
permissions (and rejected if no match is found)
* in other cases, permission is considered as a group of permissions, and
is not checked
--
Ticket URL: <http://projects.edgewall.com/trac/ticket/2790>
The Trac Project <http://trac.edgewall.com/>
_______________________________________________
Trac-Tickets mailing list
[email protected]
http://lists.edgewall.com/mailman/listinfo/trac-tickets
