Description

When a page is read only for a user, attachment:picture won't be shown as a picture, but only the text `picture' . if a page is readable, its attachements should be also "readable", IMHO, otherwise a page with some links to picture attachments would look very different.

Example

Details

Workaround

Discussion

There should be no difference in displaying a page with inlined attachments between user with write acl right or user with only read acl right.

HTML:

• logged out:
  <p><img src="/MoinMoinBugs/AttacmentsOnReadOnlyPages?action=AttachFile&amp;do=get&amp;target=test.png" alt="test.png"> </p>
  
  logged in:
  <p><img src="/MoinMoinBugs/AttacmentsOnReadOnlyPages?action=AttachFile&amp;do=get&amp;target=test.png" alt="test.png"> </p>
  
  Sie dürfen die Aktion AttachFile nicht ausführen auf dieser Seite. Anmelden und probieren Sie es noch einmal.

So difference must be in AttachFile action behaviour.

Solution: AttachFile macro was disabled when no write acl was there - at a very high level. This is wrong, as AttachFile has also read-only parts as getting a file attachment (showing pictures, downloading files, listing attachments) and write rights are checked deeper in AttachFile action.

Plan

• Priority: High

• Assigned to: ThomasWaldmann

• Status: Fixed in moin--main--1.3--patch-417

CategoryMoinMoinBugFixed