trac-admin permission list does not bark about nonexistent user?
19 views
Skip to first unread message
Mauricio Tavares
Aug 21, 2023, 11:40:32 AM8/21/23
to trac-...@googlegroups.com
Trying to come up with a way to check if a given user exists. User hairloss is not defined in test-repo. I expected it to bark at me, saying user did not exist or something. Instead, it acted like user was there
trac-admin /srv/trac/test-repo permission list hairloss
User Action
-------------------------
hairloss BROWSER_VIEW
hairloss CHANGESET_VIEW
hairloss FILE_VIEW
hairloss LOG_VIEW
hairloss MILESTONE_VIEW
hairloss REPORT_SQL_VIEW
hairloss REPORT_VIEW
hairloss ROADMAP_VIEW
hairloss SEARCH_VIEW
hairloss TICKET_APPEND
hairloss TICKET_CHGPROP
hairloss TICKET_CREATE
hairloss TICKET_MODIFY
hairloss TICKET_VIEW
hairloss TIMELINE_VIEW
hairloss WIKI_CREATE
hairloss WIKI_MODIFY
hairloss WIKI_VIEW
Available actions:
BROWSER_VIEW, CHANGESET_VIEW, CONFIG_VIEW, EMAIL_VIEW, FILE_VIEW,
LOG_VIEW, MILESTONE_ADMIN, MILESTONE_CREATE, MILESTONE_DELETE,
MILESTONE_MODIFY, MILESTONE_VIEW, PERMISSION_ADMIN, PERMISSION_GRANT,
PERMISSION_REVOKE, REPORT_ADMIN, REPORT_CREATE, REPORT_DELETE,
REPORT_MODIFY, REPORT_SQL_VIEW, REPORT_VIEW, ROADMAP_ADMIN, ROADMAP_VIEW,
SEARCH_VIEW, TICKET_ADMIN, TICKET_APPEND, TICKET_BATCH_MODIFY,
TICKET_CHGPROP, TICKET_CREATE, TICKET_EDIT_CC, TICKET_EDIT_COMMENT,
TICKET_EDIT_DESCRIPTION, TICKET_MODIFY, TICKET_VIEW, TIMELINE_VIEW,
TRAC_ADMIN, VERSIONCONTROL_ADMIN, WIKI_ADMIN, WIKI_CREATE, WIKI_DELETE,
WIKI_MODIFY, WIKI_RENAME, WIKI_VIEW
trac-admin /srv/trac/test-repo permission list hairloss
User Action
-------------------------
hairloss BROWSER_VIEW
hairloss CHANGESET_VIEW
hairloss FILE_VIEW
hairloss LOG_VIEW
hairloss MILESTONE_VIEW
hairloss REPORT_SQL_VIEW
hairloss REPORT_VIEW
hairloss ROADMAP_VIEW
hairloss SEARCH_VIEW
hairloss TICKET_APPEND
hairloss TICKET_CHGPROP
hairloss TICKET_CREATE
hairloss TICKET_MODIFY
hairloss TICKET_VIEW
hairloss TIMELINE_VIEW
hairloss WIKI_CREATE
hairloss WIKI_MODIFY
hairloss WIKI_VIEW
Available actions:
BROWSER_VIEW, CHANGESET_VIEW, CONFIG_VIEW, EMAIL_VIEW, FILE_VIEW,
LOG_VIEW, MILESTONE_ADMIN, MILESTONE_CREATE, MILESTONE_DELETE,
MILESTONE_MODIFY, MILESTONE_VIEW, PERMISSION_ADMIN, PERMISSION_GRANT,
PERMISSION_REVOKE, REPORT_ADMIN, REPORT_CREATE, REPORT_DELETE,
REPORT_MODIFY, REPORT_SQL_VIEW, REPORT_VIEW, ROADMAP_ADMIN, ROADMAP_VIEW,
SEARCH_VIEW, TICKET_ADMIN, TICKET_APPEND, TICKET_BATCH_MODIFY,
TICKET_CHGPROP, TICKET_CREATE, TICKET_EDIT_CC, TICKET_EDIT_COMMENT,
TICKET_EDIT_DESCRIPTION, TICKET_MODIFY, TICKET_VIEW, TIMELINE_VIEW,
TRAC_ADMIN, VERSIONCONTROL_ADMIN, WIKI_ADMIN, WIKI_CREATE, WIKI_DELETE,
WIKI_MODIFY, WIKI_RENAME, WIKI_VIEW
RjOllos
Aug 21, 2023, 12:02:12 PM8/21/23
to Trac Users
The command doesn't check whether the user exists because you could be adding a permission group.
To check if a user exists, try the "session list" command.
Mauricio
Aug 22, 2023, 9:38:06 AM8/22/23
to Trac Users
With that said, why is it listing the nonexistent user as if it is a member of all of those groups? I would understand if it listed a blank after the username.
To check if a user exists, try the "session list" command.
So I ran "trac-admin /srv/trac/test-repo session list" while tractd is running, and this is what I got back
SID Auth Last Visit Name Email Default Handler
---------------------------------------------------
SID Auth Last Visit Name Email Default Handler
---------------------------------------------------
I think quit tracd and repeated the test. Same outcome. Is that the expected behaviour?
RjOllos
Aug 23, 2023, 4:38:22 PM8/23/23
to Trac Users
It appears the non-existent user is inheriting from the anonymous group. What is shown if you omit the username? Like so:
$ trac-admin ../tracenvs/proj-1.5 permission list
User Action
------------------------------
anonymous BROWSER_VIEW
anonymous CHANGESET_VIEW
anonymous FILE_VIEW
anonymous LOG_VIEW
anonymous MILESTONE_VIEW
anonymous REPORT_SQL_VIEW
anonymous REPORT_VIEW
anonymous ROADMAP_VIEW
anonymous SEARCH_VIEW
anonymous TICKET_VIEW
anonymous TIMELINE_VIEW
anonymous TRAC_ADMIN
anonymous WIKI_VIEW
authenticated TICKET_CREATE
authenticated TICKET_MODIFY
authenticated WIKI_CREATE
authenticated WIKI_MODIFY
User Action
------------------------------
anonymous BROWSER_VIEW
anonymous CHANGESET_VIEW
anonymous FILE_VIEW
anonymous LOG_VIEW
anonymous MILESTONE_VIEW
anonymous REPORT_SQL_VIEW
anonymous REPORT_VIEW
anonymous ROADMAP_VIEW
anonymous SEARCH_VIEW
anonymous TICKET_VIEW
anonymous TIMELINE_VIEW
anonymous TRAC_ADMIN
anonymous WIKI_VIEW
authenticated TICKET_CREATE
authenticated TICKET_MODIFY
authenticated WIKI_CREATE
authenticated WIKI_MODIFY
Available actions:
BROWSER_VIEW, CHANGESET_VIEW, CONFIG_VIEW, EMAIL_VIEW, FILE_VIEW,
LOG_VIEW, MILESTONE_ADMIN, MILESTONE_CREATE, MILESTONE_DELETE,
MILESTONE_MODIFY, MILESTONE_VIEW, PERMISSION_ADMIN, PERMISSION_GRANT,
PERMISSION_REVOKE, REPORT_ADMIN, REPORT_CREATE, REPORT_DELETE,
REPORT_MODIFY, REPORT_SQL_VIEW, REPORT_VIEW, ROADMAP_ADMIN, ROADMAP_VIEW,
SEARCH_VIEW, TICKET_ADMIN, TICKET_APPEND, TICKET_BATCH_MODIFY,
TICKET_CHGPROP, TICKET_CREATE, TICKET_EDIT_CC, TICKET_EDIT_COMMENT,
TICKET_EDIT_DESCRIPTION, TICKET_MODIFY, TICKET_VIEW, TIMELINE_VIEW,
TRAC_ADMIN, VERSIONCONTROL_ADMIN, WIKI_VIEW
To check if a user exists, try the "session list" command.So I ran "trac-admin /srv/trac/test-repo session list" while tractd is running, and this is what I got back
SID Auth Last Visit Name Email Default Handler
---------------------------------------------------I think quit tracd and repeated the test. Same outcome. Is that the expected behaviour?
I expect you would have some sessions listed in this case. It appears the site has never been accessed or the logins are not being recorded. Are you just running tracd, or are you running tracd behind a webserver?
Reply all
Reply to author
Forward
0 new messages