Changes between Version 2 and Version 3 of TracFineGrainedPermissions
- Timestamp:
- 12/24/20 10:50:42 (4 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
TracFineGrainedPermissions
v2 v3 11 11 == Permission Policies 12 12 13 A great diversity of permission policies can be implemented and Trac comes with a few examples. 13 A great diversity of permission policies can be implemented and Trac comes with a few examples. 14 14 15 15 The active policies are determined by a [TracIni#trac-permission_policies-option configuration setting]: … … 29 29 30 30 Among the optional choices, there is [#AuthzPolicy], a very generic permission policy, based on an Authz-style system. See 31 [trac:source:branches/1.4-stable/tracopt/perm/authz_policy.py authz_policy.py] for details. 31 [trac:source:branches/1.4-stable/tracopt/perm/authz_policy.py authz_policy.py] for details. 32 32 33 33 Another permission policy [#AuthzSourcePolicy], uses the [http://svnbook.red-bean.com/nightly/en/svn.serverconfig.pathbasedauthz.html path-based authorization] defined by Subversion to enforce permissions on the version control system. … … 94 94 * Sections are checked against the current Trac resource descriptor '''IN ORDER''' of appearance in the configuration file. '''ORDER IS CRITICAL'''. 95 95 96 * Once a section matches, the current username is matched against the keys (usernames) of the section, '''IN ORDER'''. 97 * If a key (username) is prefixed with a `@`, it is treated as a group. 96 * Once a section matches, the current username is matched against the keys (usernames) of the section, '''IN ORDER'''. 97 * If a key (username) is prefixed with a `@`, it is treated as a group. 98 98 * If a value (permission) is prefixed with a `!`, the permission is denied rather than granted. 99 99 … … 118 118 }}} 119 119 120 Then: 120 Then: 121 121 * All versions of WikiStart will be viewable by everybody, including anonymous 122 122 * !PrivatePage will be viewable only by john … … 172 172 john = BROWSER_VIEW, FILE_VIEW 173 173 174 # John has BROWSER_VIEW and FILE_VIEW access to all revisions of 'somefile' at trunk/src/some/location only 174 # John has BROWSER_VIEW and FILE_VIEW access to all revisions of 'somefile' at trunk/src/some/location only 175 175 [repository:test_repo@*/source:trunk/src/some/location/somefile@*] 176 176 john = BROWSER_VIEW, FILE_VIEW … … 208 208 === !AuthzSourcePolicy (`mod_authz_svn`-like permission policy) #AuthzSourcePolicy 209 209 210 `AuthzSourcePolicy` can be used for restricting access to the repository. Granular permission control needs a definition file, which is the one used by Subversion's `mod_authz_svn`. 210 `AuthzSourcePolicy` can be used for restricting access to the repository. Granular permission control needs a definition file, which is the one used by Subversion's `mod_authz_svn`. 211 211 More information about this file format and about its usage in Subversion is available in the [http://svnbook.red-bean.com/en/1.7/svn.serverconfig.pathbasedauthz.html Path-Based Authorization] section in the Server Configuration chapter of the svn book. 212 212 … … 251 251 ... 252 252 [repositories] 253 somemodule.dir = /srv/active/svn/somemodule 253 somemodule.dir = /srv/active/svn/somemodule 254 254 }}} 255 255 256 256 where the svn access file, {{{/path/to/svnaccessfile}}}, contains entries such as {{{[somemodule:/some/path]}}}. 257 257 258 '''Note:''' Usernames inside the Authz file __must__ be the same as those used inside trac. 258 '''Note:''' Usernames inside the Authz file __must__ be the same as those used inside trac. 259 259 260 260 Make sure you have ''!AuthzSourcePolicy'' included in the permission_policies list in trac.ini, otherwise the authz permissions file will be ignored. … … 336 336 ---- 337 337 See also: TracPermissions, 338 [http s://trac-hacks.org/wiki/FineGrainedPageAuthzEditorPlugin FineGrainedPageAuthzEditorPlugin] for a simple editor.338 [http://trac-hacks.org/wiki/FineGrainedPageAuthzEditorPlugin FineGrainedPageAuthzEditorPlugin] for a simple editor.