On 7/10/13, Ryan Ollos <[email protected]> wrote: > On Jul 9, 2013 10:10 PM, "Olemis Lang" <[email protected]> wrote: >> >> On 7/9/13, Ryan Ollos <[email protected]> wrote: >> > On Tue, Jul 9, 2013 at 2:57 PM, John Oliver >> > <[email protected]>wrote: >> > >> [...] >> > >> > This led to a suggestion from him that we might consider, that the > message >> > presented in the browser include information about needing to run the >> > activate script. We might be able to help the user in an even simpler > way >> > though, by providing the full path to `trac-admin` in the message. >> > >> > Rather than, The Trac Environment needs to be upgraded. Run "trac-admin >> > > /home/foo/bloodhound/apache-bloodhound-0.5.3/installer/bloodhound/environments/main >> > upgrade") >> > >> > the message could be: The Trac Environment needs to be upgraded. Run >> > "/home/foo/bloodhound/bh/bin/trac-admin >> > > /home/foo/bloodhound/apache-bloodhound-0.5.3/installer/bloodhound/environments/main >> > upgrade") >> > >> > This change should probably be made in the Trac core. >> > >> >> IMO, in the general case this will reveal server paths to users, which >> are not in a position to do anything about that . I'm not sure of how >> much beneficial it will be in practice. Indeed I'm of the opinion that >> such messages are only effective for trac admins. It'd be very nice to >> determine whether target user is granted with TRAC_ADMIN permission >> and only then show such a message. Regular users might only see a HTTP >> 503 ''Service unavailable'' response with body «Under maintenance» , >> or alike. >> >> -- >> Regards, >> >> Olemis. > > Yeah that makes sense. In regards to revealing the path, this crossed my > mind, but since the path to the env directory is revealed it didn't seem > any worse to reveal the path to trac-admin.
Yes , you are right . I've been uncomfortable too with path to env visible for users. > Your idea to hide them both > from regular users sounds even better though. > ;) > I also haven't looked into whether the path to trac-admin is readily > available where the upgrade message is generated, in order to make showing > the full path feasible. > AFAICR, in the test suite path to trac* cli tools is identified considering sys.executable . Is it enough ? -- Regards, Olemis.
