Ticket #5246: authz-external-groups-2.patch

trac/versioncontrol/svn_authz.py

@@ -18 +18 @@
 
 import os.path
 
-from trac.config import Option
+from trac.config import Option, BoolOption
 from trac.core import *
 from trac.versioncontrol import Authorizer
+from trac.perm import PermissionSystem
 
 
 class SvnAuthzOptions(Component):
@@ -32 +33 @@
 
     authz_module_name = Option('trac', 'authz_module_name', '',
         """The module prefix used in the authz_file.""")
+    
+    authz_use_perm_groups = BoolOption('trac', 'authz_use_perm_groups', 'false',
+        """Whether to use groups provided by the permission storage instead
+        of the groups defined in the [groups] section of the authz file.
+        """)
 
 
 def SubversionAuthorizer(env, repos, authname):
@@ -44 +50 @@
         env.log.error('[trac] authz_file (%s) does not exist.' % authz_file)
 
     module_name = env.config.get('trac', 'authz_module_name')
-    return RealSubversionAuthorizer(repos, authname, module_name, authz_file)
+    use_perm_groups = env.config.getbool('trac', 'authz_use_perm_groups')
+    perm = PermissionSystem(env)
+    return RealSubversionAuthorizer(repos, authname, module_name, use_perm_groups, perm, authz_file)
 
 def parent_iter(path):
     path = path.strip('/')
@@ -69 +77 @@
     module_name = ''
     conf_authz = None
 
-    def __init__(self, repos, auth_name, module_name, cfg_file, cfg_fp=None):
+    def __init__(self, repos, auth_name, module_name, use_perm_groups, perm, cfg_file, cfg_fp=None):
         self.repos = repos
         self.auth_name = auth_name
         self.module_name = module_name
@@ -81 +89 @@
         elif cfg_file:
             self.conf_authz.read(cfg_file)
 
-        self.groups = self._groups()
+        self.groups = self._groups(use_perm_groups, perm)
 
     def has_permission(self, path):
         if path is None:
@@ -108 +116 @@
 
     # Internal API
 
-    def _groups(self):
+    def _groups(self, use_perm_groups, perm):
+        if use_perm_groups:
+            groups = []
+            for provider in perm.store.group_providers:
+                for group in provider.get_permission_groups(self.auth_name):
+                    if group[0] == '@':
+                        group = group[1:]
+                    groups.append(group)
+            return groups
+
         if not self.conf_authz.has_section('groups'):
             return []