Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 281735

Summary:	updating of repository configuration fails with permission error
Product:	z_Archived	Reporter:	Uno LEE <unolee>
Component:	Mylyn	Assignee:	Mylyn Inbox <mylyn-inbox>
Status:	RESOLVED WORKSFORME	QA Contact:
Severity:	normal
Priority:	P2	CC:	alex, steffen.pingel
Version:	unspecified
Target Milestone:	---
Hardware:	Macintosh
OS:	Mac OS X - Carbon (unsup.)
Whiteboard:

Description Uno LEE

2009-06-27 05:34:44 EDT

Build ID: M20090211-1700

Steps To Reproduce:
1. I log in as authenticated ID & Password, I can't update information and create ticket... if I didn't give permission (TICKET_CREATE, TICKET_VIEW) to anonymous in trac 0.11.
2. Fail 'Update Attributes From Repository' using authenticated perm
3. 'TICKET_VIEW privileges are required to perform this operation' while
executing 'ticket.component.getAll()'



More information:
I'm working on the mac.

- Mylyn 3.2.0.v20090617-0100-e3
- trac 0.11
- xmlrpcplugin : Changeset  6067 
> give permission (XML_RPC) to anonymous

What I'm going to do is;
Only authenticated or admin user can create/view the ticket through eclipse.
But without give these permission to anonymous, it doesn't work(update)

I'm not sure it's a bug of Mylyn or xmlrpcplugin

Comment 1 Uno LEE

2009-06-27 05:41:26 EDT

It may happen because of AccountManagerPlugin.

Comment 2 Uno LEE

2009-06-27 05:48:06 EDT

Regarding comment #1, I'm not using AccountManagerPlugin

trac.web.auth.loginmodule = disabled

here is my trac.ini

acct_mgr.admin.* = enabled
acct_mgr.admin.accountmanageradminpage = enabled
acct_mgr.api.* = enabled
acct_mgr.api.accountmanager = enabled
acct_mgr.db.* = enabled
acct_mgr.htfile.* = enabled
acct_mgr.htfile.htpasswdstore = enabled
acct_mgr.http.* = enabled
acct_mgr.notification.* = enabled
acct_mgr.pwhash.* = enabled
acct_mgr.svnserve.* = enabled
acct_mgr.web_ui.* = enabled
acct_mgr.web_ui.loginmodule = enabled
acct_mgr.web_ui.registrationmodule = disabled

Comment 3 Steffen Pingel

2009-06-27 14:59:18 EDT

Are there any errors in you trac.log if you enable debug mode and do an update of the repository configuration?

Comment 4 Steffen Pingel

2009-06-27 15:00:35 EDT

I would also recommend updating to the latest revision of the XmlRpcPlugin. There were some reports on bug 281590 of failures with older revisions.

Comment 5 Steffen Pingel

2009-06-27 15:06:22 EDT

Can you confirm that I understand this correctly: Unless you grant TICKET_VIEW and XML_RPC permissions to anonymous, authenticated users are not able to update the repository configuration? 

I take it that you only want to allow authenticated users access through xml-rpc?

Comment 6 Uno LEE

2009-06-27 20:15:14 EDT

(In reply to comment #4)
> I would also recommend updating to the latest revision of the XmlRpcPlugin.
> There were some reports on bug 281590 of failures with older revisions.
> 

http://trac-hacks.org/changeset/6067/xmlrpcplugin/trunk

This is what I tested when I report this bug.

Comment 7 Uno LEE

2009-06-27 20:18:51 EDT

(In reply to comment #5)
> Can you confirm that I understand this correctly: Unless you grant TICKET_VIEW
> and XML_RPC permissions to anonymous, authenticated users are not able to
> update the repository configuration? 
> 
> I take it that you only want to allow authenticated users access through
> xml-rpc?
> 

Exactly. 

Also, without TICKET_CREATE permissions to anonymous, authenticated users are not able to create ticket as well.

Yes, what I want is only allow authenticated users access through xml-rpc.

Comment 8 Uno LEE

2009-06-27 20:25:17 EDT

(In reply to comment #6)
> (In reply to comment #4)
> > I would also recommend updating to the latest revision of the XmlRpcPlugin.
> > There were some reports on bug 281590 of failures with older revisions.
> > 
> 
> http://trac-hacks.org/changeset/6067/xmlrpcplugin/trunk
> 
> This is what I tested when I report this bug.
> 

With the latest revision of the XmlRpcPlugin r6116, there are same problems.

Comment 9 Steffen Pingel

2009-07-02 02:53:27 EDT

Can you clarify if you have the account manager plug-in enabled and whether the error also occurs if you disable the account manager plug-in?

Comment 10 Uno LEE

2009-07-02 19:56:17 EDT

(In reply to comment #9)
> Can you clarify if you have the account manager plug-in enabled and whether the
> error also occurs if you disable the account manager plug-in?
> 

Both case, enabling/disabling the account manager plug-in, it has same problem.

Comment 11 Steffen Pingel

2009-07-02 22:34:10 EDT

I haven't tested account manager with 0.11 but I am sure that it works with the standard authentication. Are you certain that you have tested this with account manager disabled, i.e. by using the standard HTTP authentication and not a form-based authentication? Are users able to access http://<repository url>/login/xmlrpc if they are logged in?

Are there any errors in you trac.log if you enable debug mode and do an update of the repository configuration?

Comment 12 Steffen Pingel

2011-01-10 15:58:57 EST

I'm closing this bug due to inactivity. Please feel free to reopen if the problem still persists with the latest version of the Trac connector.