プロジェクト

全般

プロフィール

編集 操作
リンクをコピー

Vote #63265

完了

Wikis are viewable for anonymous users on public projects, despite not granting access

Admin Redmine さんが3年以上前に追加. 3年以上前に更新.

ステータス:
Closed
優先度:
高め
担当者:
-
カテゴリ:
Permissions and roles_17
対象バージョン:
0.7.2_4
開始日:
2008/05/21
期日:
進捗率:

0%

予定工数:
Redmineorg_URL:
https://www.redmine.org/issues/1280
category_id:
17
version_id:
4
issue_org_id:
1280
author_id:
463
assigned_to_id:
0
comments:
1
status_id:
5
tracker_id:
1
plus1:
0
affected_version:
closed_on:
affected_version_id:
3
ステータス-->[Closed]
引用

説明

It seems that the access control on wikis does not get respected on public projects. An anonymous user can always view wiki pages if the project is marked public, even if anonymous members have not been granted access to the wikis. This worked correctly in 0.6.4, which we were using previously. We are currently using Redmine 0.7.1.1438 (MySQL).

Steps to reproduce:

Make a new project. It must be public and have the wiki module.

Add start page for the wiki and add some text to the wiki start page

Make sure the permissions for anonymous does not include "View wiki pages"

Sign out.

Go to the 'Projects' page and click on the project that was created. The wiki tab is visible and the anonymous user can read the contents that were entered previously.

Please note that you may also see tabs for "Issues" and "News" (if you enabled those modules), which should show up, as there's not a permission to deny viewing.

journals

Actually, this bug is not specific to the wiki. Updating 'Non member' or 'Anonymous' permissions needs an application restart (these permissions were unintentionaly cached).
Problem is fixed in r1143. If you don't want to upgrade, you can just restart the app to solve this problem.
--------------------------------------------------------------------------------

操作
リンクをコピー
 #1

Admin Redmine さんが3年以上前に更新

  • カテゴリPermissions and roles_17 にセット
  • 対象バージョン0.7.2_4 にセット
編集 操作
リンクをコピー

他の形式にエクスポート: Atom PDF

いいね!0
いいね!0

demo1.unofficial-redmine.org