Description
1.2.4 bug maybe, check if it happens with 1.3.x, too.
Even though they don't even have the rights to read, registered users are always allowed to write on any given page. Users who are not logged in will have no rights at all though.
Steps to reproduce
- moin_config.py should have the lines:
  - acl_enabled = 1
  - acl_rights_default = "Trusted: Known: All:"
- the moin page in question should have no ACL lines at all.
Example
You will now get the message "You are not allowed to view this page." if you are logged in. But if you look at the bottom of the page, the link "EditText" is still there. If you click on it you'll notice you're still able to edit and save the page! If you're not logged in you can't do this though.
Details
| MoinMoin Version | 1.2.4 |
| OS and Version | Debian 1:3.3.5-8 |
| Python Version | Python 2.3.5 |
| Server Setup | Apache 1.3.33-3 |
| Server Details | |
Workaround
I really haven't found a way.
Discussion
Can't be reproduced in both 1.2.4 and 1.3.4 dev with Apache 2 on Mac OS X and Python 2.4.
Please post here your moin_config.py file. -- NirSoffer 2005-03-09 10:33:55
Maybe related to: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=236295
IMHO this is because he did not set ..._before.
- Can't reproduce even without acl_rights_before, both with 1.2.4 and 1.3.4 dev
Either the steps to reproduce are wrong, or the user config contains something like "Known:write", which overrides the default value - because _before comes before
Plan
- Priority:
- Assigned to:
- Status: closed, can't reproduce, no more input from the reporter.
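
The hypothesis raised in the Discussion, as an added example that is not part of the original report or of MoinMoin's code: a simplified Python model of first-match ACL evaluation (before, then the page's ACL or the default, then after), without the +/- modifiers. The user record, its `trusted` flag and the function names are assumptions made for the illustration.

```python
# Simplified model of first-match ACL evaluation; not MoinMoin's own code.

def parse_acl(acl):
    """Split 'Name1,Name2:right1,right2 ...' into (names, rights) entries."""
    entries = []
    for token in acl.split():
        names, _, rights = token.partition(":")
        entries.append((names.split(","), set(filter(None, rights.split(",")))))
    return entries


def matches(name, user):
    """user is None for an anonymous visitor, else a dict (assumed shape)."""
    if name == "All":
        return True
    if user is None:
        return False
    if name == "Known":
        return True
    if name == "Trusted":
        return user["trusted"]
    return name == user["name"]


def may(user, right, before, page_acl, default, after=""):
    """The first entry matching the user decides; no match at all means deny."""
    middle = page_acl if page_acl is not None else default
    for acl in (before, middle, after):
        for names, rights in parse_acl(acl):
            if any(matches(n, user) for n in names):
                return right in rights
    return False


DEFAULT = "Trusted: Known: All:"  # acl_rights_default from the report
alice = {"name": "AliceExample", "trusted": False}  # constructed user


def report_case(user, right, before=""):
    """Page without ACL lines, so the default applies (as in the report)."""
    return may(user, right, before, None, DEFAULT)


if __name__ == "__main__":
    for right in ("read", "write"):
        print(right, report_case(alice, right),
              report_case(alice, right, before="Known:write"))
```

With the reported default alone, a logged-in user gets neither right; a "Known:write" entry evaluated first yields exactly the reported symptom (write allowed, read denied), which is why the effective before/after settings are worth checking whenever a default ACL appears to be ignored.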