#3525: Project index should check permissions
-------------------------------------+--------------------------------------
Reporter: [EMAIL PROTECTED] | Owner: cmlenz
Type: defect | Status: closed
Priority: normal | Milestone:
Component: general | Version: 0.9.6
Severity: normal | Resolution: wontfix
Keywords: |
-------------------------------------+--------------------------------------
Changes (by cmlenz):
* status: new => closed
* resolution: => wontfix
* component: mod_python frontend => general
Comment:
First, we cannot assume that `WIKI_VIEW` is required to view a project. A
project may have the wiki disabled, and the default handler set to the
timeline, for example. So you'd probably have to check if the user has
''any'' permission on a project.
Second, in a “normal” Trac setup, authentication information is not
available on the project index page. The only way to make it available
would be to require authentication on the project index page itself,
because the auth cookies are restricted to the individual project paths.
Furthermore, the `IAuthenticator` system that determines how a username is
detected is configured per project, so you'd probably need to jump through
some hoops to make it work on the project index page.
All in all, I think this should wait for proper multi-project support,
where we'll have a “global login”.
--
Ticket URL: <http://trac.edgewall.org/ticket/3525#comment:1>
The Trac Project <http://trac.edgewall.com/>
_______________________________________________
Trac-Tickets mailing list
[email protected]
http://lists.edgewall.com/mailman/listinfo/trac-tickets
