History Of Ticket 807ca32b80
Not logged in
HomeFilesLeavesTimelineBranchesTagsTicketsWikiLogin
Status Timeline
Ticket change [3f824675cd] (rid 3984) by kkinnell on 2008-11-25 18:42:55:
  1. Change comment to "Hmmmm.... documenting a documentation problem... I hate to have to report this, but the <i><b>j</b></i> permission doesn't allow "nobody" to see links to embedded documentation or other internal pages (e.g. &#91;./login&#93;). I'm confused about whether this is bug or not. It looks like <code>index.wiki</code> is set up assuming that "nobody" will be able to follow a &#91;./whatever&#93; link, but that seems like a pretty big policy change. Fix with a disclaimer? (I have one, but haven't pushed it yet.) <hr><i>drh added on 2008-11-22 12:32:11:</i><br> Reading embedded documentation should require check-out privilege ("o") since the user is reading files out of the source tree. Any file in any check-in can be read using the embedded documentation URLs. So if we allow users with Read-Wiki privilege ("j") to read embedded documentation, that essentially makes "j" and "o" the same thing."
  2. Change resolution to "Not_A_Bug"
  3. Change status to "Closed"
Ticket change [35e12ffcdf] (rid 3920) by drh on 2008-11-22 12:32:11:
  1. Appended to comment:

    drh added on 2008-11-22 12:32:11:
    Reading embedded documentation should require check-out privilege ("o") since the user is reading files out of the source tree. Any file in any check-in can be read using the embedded documentation URLs. So if we allow users with Read-Wiki privilege ("j") to read embedded documentation, that essentially makes "j" and "o" the same thing.

  2. Change resolution to "Open"
Ticket change [25beca9a45] (rid 3919) by kkinnell on 2008-11-22 10:43:48:
  1. Change comment to "Hmmmm.... documenting a documentation problem... I hate to have to report this, but the <i><b>j</b></i> permission doesn't allow "nobody" to see links to embedded documentation or other internal pages (e.g. &#91;./login&#93;). I'm confused about whether this is bug or not. It looks like <code>index.wiki</code> is set up assuming that "nobody" will be able to follow a &#91;./whatever&#93; link, but that seems like a pretty big policy change. Fix with a disclaimer? (I have one, but haven't pushed it yet.)"
  2. Change foundin to "0a523be389"
  3. Change severity to "Important"
  4. Change status to "Open"
  5. Change title to ""j" permission doesn't extend to embedded doc files."
  6. Change type to "Documentation"

Fossil version [c0211010a1] 2009-12-13 01:31:36