On 4 Aug, 10:57, Remy Blank <[email protected]> wrote: > HeX wrote: > > * Following your advice given in > >http://trac.edgewall.org/wiki/TracUpgrade#Auhtzpermissionchecking > > will remove the "Browse Source" button for anonymous users. Making it > > a bit hard to find the source ;) > > No, should be able to control access to the source for anonymous in your > authz file, like any other user.
I guess then there is a bug. I've now removed the global permissions as suggested in http://trac.edgewall.org/wiki/TracUpgrade#Auhtzpermissionchecking with the result that anonymous users will NOT see the "Browse Source" button but authenticated will. Mind if I enter the correct browse URL as anonymous I will be able to access the non restricted part of the repo. So AuthzSourcePolicy works but just does not unhide the "Browse Source" button for anonymous users. If you agree I can file this as a bug. > > * Can you confirm that AuthzPolicy is obsoleted by AuthzSourcePolicy > > and therefore can be removed from permission_policies completely? > > No, AuthzPolicy and AuthzSourcePolicy are two different things. The > former allows controlling access to any Trac resource (wiki, tickets, > ...), while the other one allows enforcing the same access rules to the > repositories in Trac as you have in Subversion, by using the same authz > file. OK now I finally got it (I think). Actually it was http://trac.edgewall.org/wiki/TracFineGrainedPermissions#mod_authz_svn-likepermissionpolicy that was confusing me and should probably be rewritten with the information from http://trac.edgewall.org/wiki/TracUpgrade#Auhtzpermissionchecking also to make the difference of AuthzPolicy and AuthzSourcePolicy more clear. /HeX -- You received this message because you are subscribed to the Google Groups "Trac Development" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/trac-dev?hl=en.
