Changes between Version 1 and Version 2 of TracFineGrainedPermissions
- Timestamp:
- Aug 7, 2013, 1:34:27 PM (11 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
TracFineGrainedPermissions
v1 v2 1 [[PageOutline(2-5, Contents, floated)]] 1 2 = Fine grained permissions = 2 3 … … 31 32 ==== Configuration ==== 32 33 * Install [http://www.voidspace.org.uk/python/configobj.html ConfigObj] (still needed for 0.12). 33 * Copy authz_policy.py into your plugins directory .34 * Copy authz_policy.py into your plugins directory (only for Trac 0.11). 34 35 * Put a [http://swapoff.org/files/authzpolicy.conf authzpolicy.conf] file somewhere, preferably on a secured location on the server, not readable for others than the webuser. If the file contains non-ASCII characters, the UTF-8 encoding should be used. 35 36 * Update your `trac.ini`: … … 40 41 permission_policies = AuthzPolicy, DefaultPermissionPolicy, LegacyAttachmentPolicy 41 42 }}} 42 2. add a new `[authz_policy]` section43 1. add a new `[authz_policy]` section 43 44 {{{ 44 45 [authz_policy] 45 46 authz_file = /some/trac/env/conf/authzpolicy.conf 46 47 }}} 47 3. enable the single file plugin48 1. enable the plugin through [/admin/general/plugin WebAdmin] or by editing the `[components]` section 48 49 {{{ 49 50 [components] … … 54 55 #authz_policy.* = enabled 55 56 }}} 57 58 56 59 ==== Usage Notes ==== 57 60 Note that the order in which permission policies are specified is quite critical, … … 107 110 denied rather than granted. 108 111 109 The username will match any of 'anonymous', 110 'authenticated', <username> or '*', using normal Trac permission rules. 112 The username will match any of 'anonymous', 'authenticated', <username> or '*', using normal Trac permission rules. || '''Note:''' Other groups which are created by user (e.g. by 'adding subjects to groups' on web interface page //Admin / Permissions//) cannot be used. See [trac:ticket:5648 #5648] for details about this missing feature || 111 113 112 114 For example, if the `authz_file` contains: … … 190 192 191 193 194 ==== Missing Features ==== 195 Although possible with the !DefaultPermissionPolicy handling (see Admin panel), fine-grained permissions still miss those grouping features (see [trac:ticket:9573 #9573], [trac:ticket:5648 #5648]). Patches are partially available, see forgotten authz_policy.2.patch part of [trac:ticket:6680 #6680]). 196 197 You cannot do the following: 198 {{{ 199 [groups] 200 team1 = a, b, c 201 team2 = d, e, f 202 team3 = g, h, i 203 departmentA = team1, team2 204 }}} 205 206 Permission groups are not supported either. You cannot do the following: 207 {{{ 208 [groups] 209 permission_level_1 = WIKI_VIEW, TICKET_VIEW 210 permission_level_2 = permission_level_1, WIKI_MODIFY, TICKET_MODIFY 211 [*] 212 @team1 = permission_level_1 213 @team2 = permission_level_2 214 @team3 = permission_level_2, TICKET_CREATE 215 }}} 216 192 217 === !AuthzSourcePolicy (mod_authz_svn-like permission policy) === #AuthzSourcePolicy 193 218