Index: core.py
===================================================================
--- core.py	(revision 804)
+++ core.py	(working copy)
@@ -30,6 +30,7 @@
 
 import Href
 import perm
+import authzperm
 import auth
 import Environment
 import Session
@@ -154,9 +155,9 @@
     module.req = req
     module._name = mode
     module.db = db
-    module.perm = perm.PermissionCache(module.db, req.authname)
+    module.perm = perm.PermissionCache(module.db, req.authname)    
     module.perm.add_to_hdf(req.hdf)
-
+    
     # Only open the subversion repository for the modules that really
     # need it. This saves us some precious time.
     if need_svn:
@@ -167,6 +168,7 @@
         module.fs_ptr = fs_ptr
         sync.sync(module.db, rep, fs_ptr, pool)
         module.pool = pool
+	module.authzperm = authzperm.AuthzPermission(env,req.authname)
     return module
 
 def open_environment():
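Review bot: The added `module.authzperm = ...` line is indented with a tab while its neighbours use eight spaces, so it lands inside the `if need_svn:` branch only because Python 2 expands a tab to column 8. Written with spaces, `        module.authzperm = authzperm.AuthzPermission(env, req.authname)`, the placement becomes explicit. Modules dispatched without `need_svn` never receive the attribute, so any later `self.authzperm` use there would raise AttributeError rather than a permission error. Constructing the object here also re-reads and parses the authz file on every request. The enclosing function starts outside the hunk, so whether `env` is in scope at this point cannot be confirmed from here.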
Index: db_default.py
===================================================================
--- db_default.py	(revision 804)
+++ db_default.py	(working copy)
@@ -415,6 +415,7 @@
   ('trac', 'repository_dir', '/var/svn/myrep'),
   ('trac', 'templates_dir', '/usr/lib/trac/templates'),
   ('trac', 'database', 'sqlite:db/trac.db'),
+  ('trac', 'authz_file', ''),
   ('trac', 'default_charset', 'iso-8859-15'),
   ('logging', 'log_type', 'none'),
   ('logging', 'log_file', 'trac.log'),
Index: perm.py
===================================================================
--- perm.py	(revision 804)
+++ perm.py	(working copy)
@@ -51,11 +51,15 @@
 MILESTONE_MODIFY = 'MILESTONE_MODIFY'
 MILESTONE_DELETE = 'MILESTONE_DELETE'
 
+AUTHZSVN_VIEW = 'AUTHZSVN_VIEW'
+AUTHZSVN_MODIFY = 'AUTHZSVN_MODIFY'
+
 TRAC_ADMIN = 'TRAC_ADMIN'
 TICKET_ADMIN = 'TICKET_ADMIN'
 REPORT_ADMIN = 'REPORT_ADMIN'
 WIKI_ADMIN = 'WIKI_ADMIN'
 ROADMAP_ADMIN = 'MILESTONE_ADMIN'
+AUTHZSVN_ADMIN = 'AUTHZSVN_ADMIN'
 
 meta_permission = {
     TRAC_ADMIN: [TICKET_ADMIN, REPORT_ADMIN, WIKI_ADMIN, ROADMAP_ADMIN,
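Review bot: `AUTHZSVN_ADMIN` is not added to the `TRAC_ADMIN` list that opens on the last line of this hunk, so a TRAC_ADMIN holder would not pick up the new permissions through meta-permission expansion. The rest of that list lies between the hunks and is unchanged, and the following hunk only adds the `AUTHZSVN_ADMIN: [...]` entry. None of the three AUTHZSVN_* names is checked anywhere in the visible part of the patch, since `authzperm.py` decides access from the authz file alone. Either wire them into a check or leave them out until something uses them. If they stay, a one-line comment above the constants should state what they are meant to guard.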
@@ -66,7 +70,8 @@
                    REPORT_DELETE],
     WIKI_ADMIN: [WIKI_VIEW, WIKI_CREATE, WIKI_MODIFY, WIKI_DELETE],
     ROADMAP_ADMIN: [ROADMAP_VIEW, MILESTONE_VIEW, MILESTONE_CREATE,
-                    MILESTONE_MODIFY, MILESTONE_DELETE]
+                    MILESTONE_MODIFY, MILESTONE_DELETE],
+    AUTHZSVN_ADMIN: [AUTHZSVN_VIEW, AUTHZSVN_MODIFY]
 }
 
 
Index: File.py
===================================================================
--- File.py	(revision 804)
+++ File.py	(working copy)
@@ -31,6 +31,7 @@
 import svn
 
 import perm
+import authzperm
 import util
 import Module
 from WikiFormatter import wiki_to_html
@@ -109,7 +110,7 @@
         self.filename = self.args.get('filename', None)
         if self.filename:
             self.filename = os.path.basename(self.filename)
-
+	    
         if not self.attachment_type or not self.attachment_id:
             raise util.TracError('Unknown request')
 
@@ -145,7 +146,7 @@
             self.mime_type = self.env.mimeview.get_mimetype(self.filename) \
                              or 'application/octet-stream'
             return
-
+	
         if self.args.has_key('description') and \
                self.args.has_key('author') and \
                self.args.has_key('attachment') and \
@@ -226,11 +227,13 @@
                                       self.env.href.browser(path))
 
     def display(self):
+	self.authzperm.assert_permission(self.path)
         FileCommon.display(self)
+	
 
     def render(self):
         FileCommon.render(self)
-        
+	
         rev = self.args.get('rev', None)
         self.path = self.args.get('path', '/')
         if not rev:
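Review bot: The path check is placed in `display()`, but `render()` is where `self.path` is taken from the request and, further down, where the revision root is opened. If render() runs first, as the hunk order suggests, a denied request still reaches the repository, and `self.path` would not exist if display() were ever called on its own. Calling `self.authzperm.assert_permission(self.path)` immediately after `self.path = self.args.get('path', '/')` in render() enforces the rule before any repository access. `AuthzPermissionError` is a new exception type, and whether the dispatcher reports it like the existing permission error is not visible here. The added lines are tab-indented inside a space-indented method, and render() continues past the end of the hunk.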
@@ -245,7 +248,7 @@
                 rev = svn.fs.youngest_rev(self.fs_ptr, self.pool)
 
         self.generate_path_links(rev, rev_specified)
-        
+	
         try:
             root = svn.fs.revision_root(self.fs_ptr, rev, self.pool)
         except svn.core.SubversionException:
Index: authzperm.py
===================================================================
--- authzperm.py	(revision 0)
+++ authzperm.py	(revision 0)
@@ -0,0 +1,75 @@
+# -*- coding: iso8859-1 -*-
+#
+# Copyright (C) 2004 Edgewall Software
+# Copyright (C) 2004 Francois Harvey <fharvey@securiweb.net>
+#
+# Trac is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 2 of the
+# License, or (at your option) any later version.
+#
+# Trac is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
+# Author: Francois Harvey <fharvey@securiweb.net>
+
+from exceptions import StandardError
+import ConfigParser
+import string
+import os
+
+class AuthzPermissionError (StandardError):
+    """Insufficient permissions to view this file"""
+    def __str__ (self):
+        return 'authz read privileges required to view this file'
+    
+
+class AuthzPermission:
+    auth_name = ''
+    module_name = ''
+    conf_authz = None
+    authz_file = ''
+    
+    def __init__(self,env,authname):
+	if authname == 'anonymous':
+	    self.auth_name = '*'
+	else:
+	    self.auth_name = authname
+	self.module_name = env.get_config('project', 'name')
+	self.autz_file = env.get_config('trac','authz_file')	
+	if env.get_config('trac','authz_file'):
+	    self.conf_authz = ConfigParser.ConfigParser()
+	    self.conf_authz.read( self.autz_file )
+	    
+#    def expand_meta_permission(self, action):
+#        self.perm_cache[action] = 1
+#        if meta_permission.has_key(action):
+#            for perm in meta_permission[action]:
+#                self.expand_meta_permission(perm)
+
+    def has_permission(self, path):
+	acc = 'r'
+	path_comb = ''
+	 
+	if (path != None) and (self.conf_authz != None) :
+	    if self.conf_authz.has_section(self.module_name + ':/') and self.conf_authz.has_option(self.module_name + ':/', self.auth_name):
+		acc = self.conf_authz.get(self.module_name + ':/',self.auth_name)
+	    for path_ele in path.split('/'):
+		if path_ele != '':
+		    path_comb = path_comb + '/' + path_ele
+		    section_name = self.module_name + ':' + path_comb
+		    if self.conf_authz.has_section(section_name) and self.conf_authz.has_option(section_name,self.auth_name):
+			acc =  self.conf_authz.get(section_name ,self.auth_name)			
+	return acc
+
+    def assert_permission (self, path):
+	if self.has_permission(path) == '':
+	    raise AuthzPermissionError()
+
+    
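Review bot: `has_permission` starts from `acc = 'r'` and changes it only when a section names the caller, so anything without a matching rule is readable. That covers a `path` of None, an `authz_file` that is missing or unreadable (`ConfigParser.read` skips such files silently), and a logged-in user who is absent from a section whose `* =` entry is meant to shut everyone else out. Subversion denies access when no rule matches, so Trac would display content the repository server itself refuses. The sketch below denies by default once an authz file is configured and falls back to the `*` entry for named users; loading with `self.conf_authz.readfp(open(self.autz_file))` would make a bad path fail loudly. Group entries (`@name`) remain unhandled, and the `autz_file`/`authz_file` spelling mismatch, the unused `string` and `os` imports, the tab indentation and the missing docstrings on the class and on `has_permission` also need attention.

```python
    def has_permission(self, path):
        # No authz file configured: the feature is off, keep the old behaviour.
        if self.conf_authz is None:
            return 'r'
        # An authz file is in use: deny unless some rule grants access.
        acc = ''
        if path is None:
            return acc
        acc = self._lookup(self.module_name + ':/', acc)
        path_comb = ''
        for path_ele in path.split('/'):
            if path_ele != '':
                path_comb = path_comb + '/' + path_ele
                acc = self._lookup(self.module_name + ':' + path_comb, acc)
        return acc

    def _lookup(self, section_name, inherited):
        # The caller's own entry wins; otherwise the section's '*' entry applies.
        if self.conf_authz.has_section(section_name):
            for name in (self.auth_name, '*'):
                if self.conf_authz.has_option(section_name, name):
                    return self.conf_authz.get(section_name, name)
        return inherited
```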
Index: Changeset.py
===================================================================
--- Changeset.py	(revision 804)
+++ Changeset.py	(working copy)
@@ -24,6 +24,7 @@
 import util
 import Diff
 import perm
+import authzperm
 import Module
 from WikiFormatter import wiki_to_html
 
@@ -43,7 +44,8 @@
         self.args = args
         self.env = env
         self.fileno = 0
-
+	self.authz = authzperm.AuthzPermission(env,req.authname)
+	
     def print_diff (self, old_path, new_path, pool):
         if not old_path or not new_path:
             return
@@ -52,22 +54,23 @@
         new_rev = svn.fs.node_created_rev(self.new_root, new_path, pool)
 
         options = Diff.get_options(self.env, self.req, self.args, 1)
-        differ = svn.fs.FileDiff(self.old_root, old_path, self.new_root, new_path,
+	if (self.authz.has_permission(new_path)):
+	    differ = svn.fs.FileDiff(self.old_root, old_path, self.new_root, new_path,
                              pool, options)
-        differ.get_files()
-        pobj = differ.get_pipe()
-        prefix = 'changeset.diff.files.%d' % (self.fileno)
-        tabwidth = int(self.env.get_config('diff', 'tab_width', '8'))
-        builder = Diff.HDFBuilder(self.req.hdf, prefix, tabwidth)
-        self.fileno += 1
-        builder.writeline('header %s %s | %s %s redaeh' % (old_path, old_rev,
+	    differ.get_files()
+	    pobj = differ.get_pipe()
+	    prefix = 'changeset.diff.files.%d' % (self.fileno)
+	    tabwidth = int(self.env.get_config('diff', 'tab_width', '8'))
+	    builder = Diff.HDFBuilder(self.req.hdf, prefix, tabwidth)
+	    self.fileno += 1
+	    builder.writeline('header %s %s | %s %s redaeh' % (old_path, old_rev,
                                                            new_path, new_rev))
-        while 1:
-            line = pobj.readline()
-            if not line:
-                break
-            builder.writeline(util.escape(util.to_utf8(line)))
-        builder.close()
+	    while 1:
+		line = pobj.readline()
+		if not line:
+		    break
+		builder.writeline(util.escape(util.to_utf8(line)))
+		builder.close()
 
     def add_file(self, path, parent_baton, copyfrom_path,
                  copyfrom_revision, file_pool):
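Review bot: `builder.close()` is now indented with two tabs, the same depth as `builder.writeline(...)`, which puts it inside the `while 1:` loop. The builder is therefore closed after every line written and never closed when the pipe yields no lines. It belongs at the `while` level (tab plus four spaces in this hunk's indentation). The guard also tests only `new_path`, so a diff whose old side lives under a restricted path is still rendered; `if self.authz.has_permission(old_path) and self.authz.has_permission(new_path):` covers both sides. Indenting with spaces, as the untouched continuation lines do, would have made the misplaced `close()` visible.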
@@ -112,7 +115,7 @@
     perm = None
     fs_ptr = None
     pool = None
-
+    
     def get_changeset_info (self, rev):
         cursor = self.db.cursor ()
         cursor.execute ('SELECT time, author, message FROM revision ' +

