Ticket #13553 (confirmed Bug)
catalog+anonymous = nothing
| Reported by: | dr460neye | Owned by: | |
|---|---|---|---|
| Priority: | minor | Milestone: | 4.x |
| Component: | Backend (Python) | Version: | 4.2 |
| Keywords: | catalog, ldap, security, roles, anonymous | Cc: | |
Description
CatalogTool.py line 358:

    if 'Anonymous' in result:
        # The anonymous user has no further roles return Anonymous?

Combination with LDAP and temporary users.
E.g. if you create user accounts which should get their total role mapping from groups, you get a big problem from this line of code.
The basic setup in LDAP maps to 2 default roles: Anonymous, Member.
If a user should not get any privileges after logging in, we changed the default roles to Anonymous only. All other privileges come from LDAP groups and their mapping.
Now, at the source snippet you see, the catalog would not show its content to anyone who got the Anonymous role.
This has to change to an if statement like:

    if singleRole('Anonymous', result):
        # The anonymous user has no further roles return Anonymous?

This would not conflict and would be performant, and it's possible that every unauthorized user can log in but gets no more privileges than everyone else.
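As an added illustration (not Plone's own code), a simplified model of the role/user list the catalog builds for a query, showing why short-circuiting on any 'Anonymous' role hides group-derived content from an LDAP user, beside the single-role check the ticket proposes. The group-to-role mapping, user ids and the indexed item are constructed sample values.

```python
# Constructed sample: LDAP group -> Plone role mapping (assumption, not real config).
GROUP_ROLE_MAP = {'ldap-reviewers': ['Reviewer']}


def effective_roles(default_roles, groups):
    """Default roles from the LDAP plugin plus roles mapped from group membership."""
    roles = list(default_roles)
    for group in groups:
        for role in GROUP_ROLE_MAP.get(group, []):
            if role not in roles:
                roles.append(role)
    return roles


def allowed_roles_and_users_buggy(user_id, roles, groups):
    """Models the reported behaviour: any 'Anonymous' role in the list wins."""
    result = list(roles)
    if 'Anonymous' in result:
        # Short-circuit the ticket complains about: group roles are dropped.
        return ['Anonymous']
    result.append('Anonymous')
    result.append('user:%s' % user_id)
    result.extend('user:%s' % g for g in groups)
    return result


def single_role(role, roles):
    """True only when `role` is the principal's sole role (the ticket's singleRole)."""
    return list(roles) == [role]


def allowed_roles_and_users_fixed(user_id, roles, groups):
    """Only treat the principal as anonymous when 'Anonymous' is its sole role."""
    result = list(roles)
    if single_role('Anonymous', result):
        return ['Anonymous']
    if 'Anonymous' not in result:
        result.append('Anonymous')
    result.append('user:%s' % user_id)
    result.extend('user:%s' % g for g in groups)
    return result


def visible(item_allowed, query_allowed):
    """A catalog hit is visible if it is indexed under any role/user the query carries."""
    return bool(set(item_allowed) & set(query_allowed))


def demo():
    """Constructed LDAP user: default role Anonymous only, privileges via a group."""
    user_id, groups = 'jdoe', ['ldap-reviewers']
    roles = effective_roles(['Anonymous'], groups)          # ['Anonymous', 'Reviewer']
    private_item = ['Reviewer']                             # indexed allowedRolesAndUsers
    return (visible(private_item, allowed_roles_and_users_buggy(user_id, roles, groups)),
            visible(private_item, allowed_roles_and_users_fixed(user_id, roles, groups)))
```

`demo()` returns `(False, True)`: the buggy list hides Reviewer-only content from the LDAP user, while the single-role check restores it without widening what a genuinely anonymous principal can see.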