Modify

Opened 17 years ago

Closed 17 years ago

Last modified 17 years ago

#1585 closed defect (fixed)

Calender Plugin should somehow honor Cal_Permissions

Reported by: jc@… Owned by: Petr Machata
Priority: highest Component: CalendarPlugin
Severity: normal Keywords: security, permission
Cc: Trac Release: 0.10

Description

I've set no permission to anonymous, but anonymous is able to see the calendar. And also to edit the thing...

But cool plugin.

PS: where to switch off the Image while working (and is it needed anyway?)

Attachments (1)

Calendar.diff (3.3 KB) - added by jc@… 17 years ago.
Calendar Diff for azcalendar

Download all attachments as: .zip

Change History (7)

comment:1 Changed 17 years ago by anonymous

Component: TracHacksCalendarPlugin
Owner: changed from Alec Thomas to Petr Machata

comment:2 Changed 17 years ago by Petr Machata

Status: newassigned

Indeed it should. I agree it's very feature-incomplete security-wise at the moment.

comment:3 Changed 17 years ago by totti

Keywords: security permission added
Priority: normalhighest

is there anybody still working on this permission issue or do I have to disable this nice plugin?

pls let me know cheers totti

comment:4 Changed 17 years ago by jc@…

I did it. (hopefully) So I added the permissions and it seems to work. But I'm not THAT familiar with the Trac Style ;) so maybe I did it completely wrong... but seems to work.

The Diff is attached.

Changed 17 years ago by jc@…

Attachment: Calendar.diff added

Calendar Diff for azcalendar

comment:5 Changed 17 years ago by Petr Machata

Resolution: fixed
Status: assignedclosed

Thanks, I applied the patch (r2515).

I'd like to consider it a first stab at solving the problem, because there are some issues that need to be resolved, e.g. how does ticket ownership enter into the picture, if there should be CC lists akin to bugzilla, user groups, etc. But that's for proposal on its own.

comment:6 Changed 17 years ago by Petr Machata

Oh, and one more note, if/when you send more patches, please try to keep the indentations in python files at four spaces :)

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain Petr Machata.
The resolution will be deleted. Next status will be 'reopened'.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.