Ticket #157: mod_authz_perm_p1.patch
| File mod_authz_perm_p1.patch, 6.7 KB (added by Utopiste, 8 years ago) |
|---|
-
trac/core.py
ndex: trac/core.py
29 29 30 30 import Href 31 31 import perm 32 import authzperm 32 33 import auth 33 34 import Environment 34 35 import Session … … 153 154 module.req = req 154 155 module._name = mode 155 156 module.db = db 156 module.perm = perm.PermissionCache(module.db, req.authname) 157 module.perm = perm.PermissionCache(module.db, req.authname) 157 158 module.perm.add_to_hdf(req.hdf) 158 159 159 160 # Only open the subversion repository for the modules that really 160 161 # need it. This saves us some precious time. 161 162 if need_svn: … … 166 167 module.fs_ptr = fs_ptr 167 168 sync.sync(module.db, rep, fs_ptr, pool) 168 169 module.pool = pool 170 module.authzperm = authzperm.AuthzPermission(env,req.authname) 169 171 return module 170 172 171 173 def open_environment(): -
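Review bot: `authzperm.AuthzPermission(env,req.authname)` is built on every request and re-parses the authz file each time, with nothing visible around it to handle a parse failure. ConfigParser raises on a malformed file, so one bad edit to the authz file would surface as an unhandled exception during module loading unless the caller catches it. Consider catching `ConfigParser.Error` in the constructor, logging it, and denying access. The indentation of this hunk is lost on the page, so it cannot be told whether the new line sits inside the `if need_svn:` block; if it does, modules loaded without svn will have no `authzperm` attribute.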
trac/db_default.py
414 414 ('trac', 'repository_dir', '/var/svn/myrep'), 415 415 ('trac', 'templates_dir', '/usr/lib/trac/templates'), 416 416 ('trac', 'database', 'sqlite:db/trac.db'), 417 ('trac', 'authz_file', ''), 417 418 ('logging', 'log_type', 'none'), 418 419 ('logging', 'log_file', 'trac.log'), 419 420 ('logging', 'log_level', 'DEBUG'), -
trac/perm.py
51 51 MILESTONE_MODIFY = 'MILESTONE_MODIFY' 52 52 MILESTONE_DELETE = 'MILESTONE_DELETE' 53 53 54 AUTHZSVN_VIEW = 'AUTHZSVN_VIEW' 55 AUTHZSVN_MODIFY = 'AUTHZSVN_MODIFY' 56 54 57 TRAC_ADMIN = 'TRAC_ADMIN' 55 58 TICKET_ADMIN = 'TICKET_ADMIN' 56 59 REPORT_ADMIN = 'REPORT_ADMIN' 57 60 WIKI_ADMIN = 'WIKI_ADMIN' 58 61 ROADMAP_ADMIN = 'MILESTONE_ADMIN' 62 AUTHZSVN_ADMIN = 'AUTHZSVN_ADMIN' 59 63 60 64 meta_permission = { 61 65 TRAC_ADMIN: [TICKET_ADMIN, REPORT_ADMIN, WIKI_ADMIN, ROADMAP_ADMIN, … … 66 70 REPORT_DELETE], 67 71 WIKI_ADMIN: [WIKI_VIEW, WIKI_CREATE, WIKI_MODIFY, WIKI_DELETE], 68 72 ROADMAP_ADMIN: [ROADMAP_VIEW, MILESTONE_VIEW, MILESTONE_CREATE, 69 MILESTONE_MODIFY, MILESTONE_DELETE] 73 MILESTONE_MODIFY, MILESTONE_DELETE], 74 AUTHZSVN_ADMIN: [AUTHZSVN_VIEW, AUTHZSVN_MODIFY] 70 75 } 71 76 72 77 -
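Review bot: The three `AUTHZSVN_*` permissions are defined here, but nothing else in this patch checks them. `authzperm.py` decides access from the authz file alone, so it is unclear what they are meant to gate. The `TRAC_ADMIN` entry of `meta_permission` is cut off by the elision, so this hunk does not show whether `AUTHZSVN_ADMIN` was added to it; if it was not, `TRAC_ADMIN` would not imply the new admin permission. Either add a comment above the constants stating what each one is intended to protect, or leave them out until code enforces them.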
trac/File.py
31 31 import svn 32 32 33 33 import perm 34 import authzperm 34 35 import util 36 35 37 from Module import Module 36 38 from Wiki import wiki_to_html 37 39 … … 100 102 self.filename = self.args.get('filename', None) 101 103 if self.filename: 102 104 self.filename = os.path.basename(self.filename) 103 105 104 106 if not self.attachment_type or not self.attachment_id: 105 107 raise util.TracError('Unknown request') 106 108 … … 136 138 self.mime_type = self.env.mimeview.get_mimetype(self.filename) \ 137 139 or 'application/octet-stream' 138 140 return 139 141 140 142 if self.args.has_key('description') and \ 141 143 self.args.has_key('author') and \ 142 144 self.args.has_key('attachment') and \ … … 217 219 self.env.href.browser(path)) 218 220 219 221 def display(self): 222 self.authzperm.assert_permission(self.path) 220 223 FileCommon.display(self) 224 221 225 222 226 def render(self): 223 227 FileCommon.render(self) 224 228 225 229 rev = self.args.get('rev', None) 226 230 self.path = self.args.get('path', '/') 227 231 if not rev: … … 236 240 rev = svn.fs.youngest_rev(self.fs_ptr, self.pool) 237 241 238 242 self.generate_path_links(rev, rev_specified) 239 243 240 244 try: 241 245 root = svn.fs.revision_root(self.fs_ptr, rev, self.pool) 242 246 except svn.core.SubversionException: -
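Review bot: The permission check sits only in `display()`, while `render()` assigns `self.path` from the request and opens the revision root. Since `display()` reads a path that `render()` sets, `render()` presumably runs first, so the repository is touched before the check. Calling `self.authzperm.assert_permission(self.path)` directly after `self.path = self.args.get('path', '/')` in `render()` would stop processing before any repository access. Among the files in this patch, no other module calls the check, so it should be confirmed against the rest of the tree that every code path reading repository content is covered. Both method bodies extend beyond the visible hunks.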
trac/authzperm.py
1 # -*- coding: iso8859-1 -*- 2 # 3 # Copyright (C) 2004 Edgewall Software 4 # Copyright (C) 2004 Francois Harvey <fharvey@securiweb.net> 5 # 6 # Trac is free software; you can redistribute it and/or 7 # modify it under the terms of the GNU General Public License as 8 # published by the Free Software Foundation; either version 2 of the 9 # License, or (at your option) any later version. 10 # 11 # Trac is distributed in the hope that it will be useful, 12 # but WITHOUT ANY WARRANTY; without even the implied warranty of 13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 # General Public License for more details. 15 # 16 # You should have received a copy of the GNU General Public License 17 # along with this program; if not, write to the Free Software 18 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 19 # 20 # Author: Francois Harvey <fharvey@securiweb.net> 21 22 from exceptions import StandardError 23 import ConfigParser 24 import string 25 import os 26 27 class AuthzPermissionError (StandardError): 28 """Insufficient permissions to view this file""" 29 def __str__ (self): 30 return 'authz read privileges required to view this file' 31 32 33 class AuthzPermission: 34 auth_name = '' 35 module_name = '' 36 conf_authz = None 37 authz_file = '' 38 39 def __init__(self,env,authname): 40 if authname == 'anonymous': 41 self.auth_name = '*' 42 else: 43 self.auth_name = authname 44 self.module_name = env.get_config('project', 'name') 45 self.autz_file = env.get_config('trac','authz_file') 46 if env.get_config('trac','authz_file'): 47 self.conf_authz = ConfigParser.ConfigParser() 48 self.conf_authz.read( self.autz_file ) 49 50 51 def has_permission(self, path): 52 acc = 'r' 53 path_comb = '' 54 55 if (path != None) and (self.conf_authz != None) : 56 if self.conf_authz.has_section(self.module_name + ':/') and self.conf_authz.has_option(self.module_name + ':/', self.auth_name): 57 acc = self.conf_authz.get(self.module_name + 
':/',self.auth_name) 58 for path_ele in path.split('/'): 59 if path_ele != '': 60 path_comb = path_comb + '/' + path_ele 61 section_name = self.module_name + ':' + path_comb 62 if self.conf_authz.has_section(section_name) and self.conf_authz.has_option(section_name,self.auth_name): 63 acc = self.conf_authz.get(section_name ,self.auth_name) 64 return acc 65 66 def assert_permission (self, path): 67 if self.has_permission(path) == '': 68 raise AuthzPermissionError() 69 70
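Review bot: `has_permission` starts from `acc = 'r'`, so a user with no matching entry is granted read access. An authenticated user never falls back to the `*` entry, so a section that denies `*` and lists specific users still admits every other logged-in account. An `authz_file` that `ConfigParser.read()` cannot open is skipped silently, which leaves everything readable. With a file configured, the default should be `''`, and each section should be checked for the user's own entry and then `*`, as in the fence below. Separately, `@group` entries are not evaluated at all, and `__init__` stores the path in `self.autz_file` while the class attribute is `authz_file`.

```python
def has_permission(self, path):
    # No authz file configured: checking is disabled, keep the old behaviour.
    if path is None or self.conf_authz is None:
        return 'r'
    acc = ''  # deny unless a rule grants access
    path_comb = ''
    sections = [self.module_name + ':/']
    for path_ele in path.split('/'):
        if path_ele != '':
            path_comb = path_comb + '/' + path_ele
            sections.append(self.module_name + ':' + path_comb)
    for section_name in sections:
        if not self.conf_authz.has_section(section_name):
            continue
        # Deeper sections override shallower ones; a user entry beats '*'.
        for name in (self.auth_name, '*'):
            if self.conf_authz.has_option(section_name, name):
                acc = self.conf_authz.get(section_name, name)
                break
    return acc
```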
