Context Navigation

Modify ↓

#12717 closed defect (worksforme)

Timeline shows diffs for wiki pages you can't see

Reported by:	tw@…	Owned by:	Nathan Lewis
Priority:	high	Component:	PrivateWikiPlugin
Severity:	major	Keywords:
Cc:		Trac Release:	1.0

Description

If a user lacks permission to see a given wiki page, s/he can still see changes to those pages in the Timeline, including drilling down to the diffs, showing what was edited. So, I think all users with TIMELINE_VIEW permission then get access to the content of all wiki pages.

This seems like a pretty major issue that prevents this plugin from being useful for access restriction.

Attachments (0)

Change History (1)

comment:1 Changed 7 years ago by Ryan J Ollos

Resolution:	→ worksforme
Status:	new → closed

Plugin works correctly and prevents viewing wiki changes from the timeline in the latest version. I'm unsure if it worked incorrectly in earlier versions.

Modify Ticket

Change Properties

Summary:
Type:	Priority:
Component:	Severity:
Keywords:	Cc:	Set your email in Preferences
Trac Release:

Action

leave as closed The owner will remain Nathan Lewis.

reopen The resolution will be deleted. Next status will be 'reopened'.

Add Comment

Your email or username:

E-mail address and name can be saved in the Preferences.

You may use WikiFormatting here.

Attachments ↑ Description ↑

Note: See TracTickets for help on using tickets.

Download in other formats: