Ticket #157: mod_authz_perm_p1.2.patch
| File mod_authz_perm_p1.2.patch, 9.3 KB (added by utopiste, 8 years ago) |
|---|
-
core.py
30 30 31 31 import Href 32 32 import perm 33 import authzperm 33 34 import auth 34 35 import Environment 35 36 import Session … … 154 155 module.req = req 155 156 module._name = mode 156 157 module.db = db 157 module.perm = perm.PermissionCache(module.db, req.authname) 158 module.perm = perm.PermissionCache(module.db, req.authname) 158 159 module.perm.add_to_hdf(req.hdf) 159 160 160 161 # Only open the subversion repository for the modules that really 161 162 # need it. This saves us some precious time. 162 163 if need_svn: … … 167 168 module.fs_ptr = fs_ptr 168 169 sync.sync(module.db, rep, fs_ptr, pool) 169 170 module.pool = pool 171 module.authzperm = authzperm.AuthzPermission(env,req.authname) 170 172 return module 171 173 172 174 def open_environment(): -
db_default.py
415 415 ('trac', 'repository_dir', '/var/svn/myrep'), 416 416 ('trac', 'templates_dir', '/usr/lib/trac/templates'), 417 417 ('trac', 'database', 'sqlite:db/trac.db'), 418 ('trac', 'authz_file', ''), 418 419 ('trac', 'default_charset', 'iso-8859-15'), 419 420 ('logging', 'log_type', 'none'), 420 421 ('logging', 'log_file', 'trac.log'), -
perm.py
51 51 MILESTONE_MODIFY = 'MILESTONE_MODIFY' 52 52 MILESTONE_DELETE = 'MILESTONE_DELETE' 53 53 54 AUTHZSVN_VIEW = 'AUTHZSVN_VIEW' 55 AUTHZSVN_MODIFY = 'AUTHZSVN_MODIFY' 56 54 57 TRAC_ADMIN = 'TRAC_ADMIN' 55 58 TICKET_ADMIN = 'TICKET_ADMIN' 56 59 REPORT_ADMIN = 'REPORT_ADMIN' 57 60 WIKI_ADMIN = 'WIKI_ADMIN' 58 61 ROADMAP_ADMIN = 'MILESTONE_ADMIN' 62 AUTHZSVN_ADMIN = 'AUTHZSVN_ADMIN' 59 63 60 64 meta_permission = { 61 65 TRAC_ADMIN: [TICKET_ADMIN, REPORT_ADMIN, WIKI_ADMIN, ROADMAP_ADMIN, … … 66 70 REPORT_DELETE], 67 71 WIKI_ADMIN: [WIKI_VIEW, WIKI_CREATE, WIKI_MODIFY, WIKI_DELETE], 68 72 ROADMAP_ADMIN: [ROADMAP_VIEW, MILESTONE_VIEW, MILESTONE_CREATE, 69 MILESTONE_MODIFY, MILESTONE_DELETE] 73 MILESTONE_MODIFY, MILESTONE_DELETE], 74 AUTHZSVN_ADMIN: [AUTHZSVN_VIEW, AUTHZSVN_MODIFY] 70 75 } 71 76 72 77 -
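Review bot: The new `AUTHZSVN_VIEW`, `AUTHZSVN_MODIFY` and `AUTHZSVN_ADMIN` permissions are defined here, but nothing in this patch checks them: `authzperm.py` decides access from the authz file alone and never consults `perm`. Granting or revoking them therefore has no effect on what a user can read, which is easy to misjudge when auditing permissions. The `TRAC_ADMIN` line of `meta_permission` is shown unchanged, so `AUTHZSVN_ADMIN` does not appear to be part of it, unlike the other `*_ADMIN` groups. Either wire these into the check or mark them with a comment such as `# not enforced yet: path access is decided by the authz file only`.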
File.py
31 31 import svn 32 32 33 33 import perm 34 import authzperm 34 35 import util 35 36 import Module 36 37 from WikiFormatter import wiki_to_html … … 109 110 self.filename = self.args.get('filename', None) 110 111 if self.filename: 111 112 self.filename = os.path.basename(self.filename) 112 113 113 114 if not self.attachment_type or not self.attachment_id: 114 115 raise util.TracError('Unknown request') 115 116 … … 145 146 self.mime_type = self.env.mimeview.get_mimetype(self.filename) \ 146 147 or 'application/octet-stream' 147 148 return 148 149 149 150 if self.args.has_key('description') and \ 150 151 self.args.has_key('author') and \ 151 152 self.args.has_key('attachment') and \ … … 226 227 self.env.href.browser(path)) 227 228 228 229 def display(self): 230 self.authzperm.assert_permission(self.path) 229 231 FileCommon.display(self) 232 230 233 231 234 def render(self): 232 235 FileCommon.render(self) 233 236 234 237 rev = self.args.get('rev', None) 235 238 self.path = self.args.get('path', '/') 236 239 if not rev: … … 245 248 rev = svn.fs.youngest_rev(self.fs_ptr, self.pool) 246 249 247 250 self.generate_path_links(rev, rev_specified) 248 251 249 252 try: 250 253 root = svn.fs.revision_root(self.fs_ptr, rev, self.pool) 251 254 except svn.core.SubversionException: -
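Review bot: The authz check is added only to `display`, so the file is protected only if every output path of this module goes through that method. If the dispatcher picks a different method for other formats (a raw or plain-text download, for instance), the content would be returned unchecked; this needs confirming against code outside the hunk. Asserting in `render`, right after `self.path = self.args.get('path', '/')`, would cover all formats with the same call, `self.authzperm.assert_permission(self.path)`; the body of `render` continues outside the hunk. Nothing on this page catches `AuthzPermissionError`, so a denial presumably surfaces as a generic error. As far as this page shows, only File.py and Changeset.py are gated, so directory listings and the revision log would still reveal the names of restricted paths.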
authzperm.py
1 # -*- coding: iso8859-1 -*- 2 # 3 # Copyright (C) 2004 Edgewall Software 4 # Copyright (C) 2004 Francois Harvey <fharvey@securiweb.net> 5 # 6 # Trac is free software; you can redistribute it and/or 7 # modify it under the terms of the GNU General Public License as 8 # published by the Free Software Foundation; either version 2 of the 9 # License, or (at your option) any later version. 10 # 11 # Trac is distributed in the hope that it will be useful, 12 # but WITHOUT ANY WARRANTY; without even the implied warranty of 13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 # General Public License for more details. 15 # 16 # You should have received a copy of the GNU General Public License 17 # along with this program; if not, write to the Free Software 18 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 19 # 20 # Author: Francois Harvey <fharvey@securiweb.net> 21 22 from exceptions import StandardError 23 import ConfigParser 24 import string 25 import os 26 27 class AuthzPermissionError (StandardError): 28 """Insufficient permissions to view this file""" 29 def __str__ (self): 30 return 'authz read privileges required to view this file' 31 32 33 class AuthzPermission: 34 auth_name = '' 35 module_name = '' 36 conf_authz = None 37 authz_file = '' 38 39 def __init__(self,env,authname): 40 if authname == 'anonymous': 41 self.auth_name = '*' 42 else: 43 self.auth_name = authname 44 self.module_name = env.get_config('project', 'name') 45 self.autz_file = env.get_config('trac','authz_file') 46 if env.get_config('trac','authz_file'): 47 self.conf_authz = ConfigParser.ConfigParser() 48 self.conf_authz.read( self.autz_file ) 49 50 # def expand_meta_permission(self, action): 51 # self.perm_cache[action] = 1 52 # if meta_permission.has_key(action): 53 # for perm in meta_permission[action]: 54 # self.expand_meta_permission(perm) 55 56 def has_permission(self, path): 57 acc = 'r' 58 path_comb = '' 59 60 if (path != None) and (self.conf_authz != None) 
: 61 if self.conf_authz.has_section(self.module_name + ':/') and self.conf_authz.has_option(self.module_name + ':/', self.auth_name): 62 acc = self.conf_authz.get(self.module_name + ':/',self.auth_name) 63 for path_ele in path.split('/'): 64 if path_ele != '': 65 path_comb = path_comb + '/' + path_ele 66 section_name = self.module_name + ':' + path_comb 67 if self.conf_authz.has_section(section_name) and self.conf_authz.has_option(section_name,self.auth_name): 68 acc = self.conf_authz.get(section_name ,self.auth_name) 69 return acc 70 71 def assert_permission (self, path): 72 if self.has_permission(path) == '': 73 raise AuthzPermissionError() 74 75 -
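Review bot: `has_permission` fails open: `acc` starts as `'r'`, so a path with no matching rule is readable, and a logged-in user is looked up only under their own name, so a `* =` deny entry in a section does not apply to a user who has no entry of their own there. Subversion's authz handling denies access when no rule matches and applies `*` to every user, so the same file can give different answers in Trac and in the repository. `ConfigParser.read()` also skips a file it cannot open without raising, so a wrong `authz_file` path leaves every path readable; `self.conf_authz.readfp(open(self.autz_file))` would turn that into an error. Group entries (`@group`) are not evaluated either. A deny-by-default lookup that keeps the "no authz file configured" behaviour is sketched below.

```python
    def _rule(self, section):
        # The user's own entry wins, then '*'; None means no rule for them here.
        if self.conf_authz.has_section(section):
            for name in (self.auth_name, '*'):
                if self.conf_authz.has_option(section, name):
                    return self.conf_authz.get(section, name)
        return None

    def has_permission(self, path):
        # No authz file configured: the check is switched off, as before.
        if path is None or self.conf_authz is None:
            return 'r'
        # Deny unless a rule on the root or on an ancestor path grants access.
        acc = self._rule(self.module_name + ':/') or ''
        path_comb = ''
        for path_ele in path.split('/'):
            if path_ele != '':
                path_comb = path_comb + '/' + path_ele
                rule = self._rule(self.module_name + ':' + path_comb)
                if rule is not None:
                    acc = rule
        return acc
```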
Changeset.py
24 24 import util 25 25 import Diff 26 26 import perm 27 import authzperm 27 28 import Module 28 29 from WikiFormatter import wiki_to_html 29 30 … … 43 44 self.args = args 44 45 self.env = env 45 46 self.fileno = 0 46 47 self.authz = authzperm.AuthzPermission(env,req.authname) 48 47 49 def print_diff (self, old_path, new_path, pool): 48 50 if not old_path or not new_path: 49 51 return … … 52 54 new_rev = svn.fs.node_created_rev(self.new_root, new_path, pool) 53 55 54 56 options = Diff.get_options(self.env, self.req, self.args, 1) 55 differ = svn.fs.FileDiff(self.old_root, old_path, self.new_root, new_path, 57 if (self.authz.has_permission(new_path)): 58 differ = svn.fs.FileDiff(self.old_root, old_path, self.new_root, new_path, 56 59 pool, options) 57 differ.get_files()58 pobj = differ.get_pipe()59 prefix = 'changeset.diff.files.%d' % (self.fileno)60 tabwidth = int(self.env.get_config('diff', 'tab_width', '8'))61 builder = Diff.HDFBuilder(self.req.hdf, prefix, tabwidth)62 self.fileno += 163 builder.writeline('header %s %s | %s %s redaeh' % (old_path, old_rev,60 differ.get_files() 61 pobj = differ.get_pipe() 62 prefix = 'changeset.diff.files.%d' % (self.fileno) 63 tabwidth = int(self.env.get_config('diff', 'tab_width', '8')) 64 builder = Diff.HDFBuilder(self.req.hdf, prefix, tabwidth) 65 self.fileno += 1 66 builder.writeline('header %s %s | %s %s redaeh' % (old_path, old_rev, 64 67 new_path, new_rev)) 65 while 1:66 line = pobj.readline()67 if not line:68 break69 builder.writeline(util.escape(util.to_utf8(line)))70 builder.close()68 while 1: 69 line = pobj.readline() 70 if not line: 71 break 72 builder.writeline(util.escape(util.to_utf8(line))) 73 builder.close() 71 74 72 75 def add_file(self, path, parent_baton, copyfrom_path, 73 76 copyfrom_revision, file_pool): … … 112 115 perm = None 113 116 fs_ptr = None 114 117 pool = None 115 118 116 119 def get_changeset_info (self, rev): 117 120 cursor = self.db.cursor () 118 121 cursor.execute ('SELECT time, author, message 
FROM revision ' +
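Review bot: `print_diff` checks only `new_path`, so where `old_path` differs from it (a copy or move out of a restricted directory) the diff would still render the old content on the removed side. The guard should cover both paths: `if self.authz.has_permission(old_path) and self.authz.has_permission(new_path):`. Only the diff body is gated; the hunks shown leave `add_file` and the surrounding callbacks unchanged, so restricted paths presumably still appear in the changeset's file list. The constructor also builds a second `AuthzPermission`, re-reading the authz file, although core.py already attaches one to the module as `authzperm`; sharing that instance keeps both checks on the same parsed rules.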
