Edgewall Software

Ticket #4050 (closed defect: fixed)

Opened 2 years ago

Last modified 21 months ago

Admin tab visibility does not respect authentication via group membership

Reported by: jeffstewart@… Owned by: mgood
Priority: normal Milestone: 0.11
Component: admin/web Version: 0.10.2
Severity: normal Keywords: permission groups
Cc:

Description

Adding the TRAC_ADMIN permission to a group of users created using the steps in http://trac.edgewall.org/wiki/TracPermissions#PermissionGroups does not cause the Admin tab to appear when a member of that group authenticates.

Attachments

permissionoutput.txt (2.2 KB) - added by swithin@… 2 years ago.
Output of "python trac-admin c:\svn\trac.db permission list > permissionoutput.txt"

Change History

Changed 2 years ago by info@…

  • version changed from 0.10 to 0.10.2

same with my installation. some solutions?

Changed 2 years ago by mgood

  • keywords needinfo added; admin tab user group permission removed

First be sure you've enabled the plugin. You should also be sure to restart the Trac web server after installing a new plugin.

Are you saying it works when you add the TRAC_ADMIN permission to a specific user, but not with a group? If so can you provide the output of "trac-admin your-project permission list" and the names of users you've seen this with.

Changed 2 years ago by swithin@…

Output of "python trac-admin c:\svn\trac.db permission list > permissionoutput.txt"

Changed 2 years ago by anonymous

I ran the permission dump that mgood requested against Trac 0.9.4 after I saw the same error myself (in Trac 0.9.4) and found this ticket. See attached file called permissionoutput.txt. Note in there there is a user called jfrenia. When he was only assigned to the Administrator group, he didn't see the Admin tab. But as soon as I added the TRAC_ADMIN permission, he could see it. I'm not sure if you will want to use this test output since it came from 0.9.4 rather than 10.2, but if the problem always existed (even in earlier versions of Trac), it should be valid output.

Changed 2 years ago by Noah Kantrowitz <coderanger@…>

All group names should be lowercase. You have one called Administrator.

Changed 2 years ago by sid

That has caught a lot of people, and is documented here: TracPermissions#PermissionGroups

Changed 2 years ago by mgood

Yes, at the moment you can't have any uppercase letters in a group name. I had the impression that they simply couldn't be all uppercase, but based on the code that's not true. Is there a reason to prevent mixed-case group names? This should be fairly easy to fix.

Changed 21 months ago by cboos

  • keywords permission groups added; needinfo removed
  • milestone set to 0.11

So what do we do about this ticket and the possibility to have mixed-case group names. As we're working on the permissions for 0.11, it's probably a good time to decide about this.

Changed 21 months ago by mgood

  • owner changed from cmlenz to mgood
  • status changed from new to assigned

Yeah, currently mixed case names are being considered as permissions rather than groups, so I think it makes sense to switch that around.

Changed 21 months ago by mgood

  • status changed from assigned to closed
  • resolution set to fixed

Done in r4958.

Add/Change #4050 (Admin tab visibility does not respect authentication via group membership)

Author



Change Properties
<Author field>
Action
as closed
Next status will be 'reopened'
to The owner will change from mgood. Next status will be 'closed'
 
Note: See TracTickets for help on using tickets.