ndex: trac/core.py
===================================================================
--- trac/core.py	(revision 734)
+++ trac/core.py	(working copy)
@@ -29,6 +29,7 @@
 
 import Href
 import perm
+import authzperm
 import auth
 import Environment
 import Session
@@ -153,9 +154,9 @@
     module.req = req
     module._name = mode
     module.db = db
-    module.perm = perm.PermissionCache(module.db, req.authname)
+    module.perm = perm.PermissionCache(module.db, req.authname)    
     module.perm.add_to_hdf(req.hdf)
-
+    
     # Only open the subversion repository for the modules that really
     # need it. This saves us some precious time.
     if need_svn:
@@ -166,6 +167,7 @@
         module.fs_ptr = fs_ptr
         sync.sync(module.db, rep, fs_ptr, pool)
         module.pool = pool
+	module.authzperm = authzperm.AuthzPermission(env,req.authname)
     return module
 
 def open_environment():
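Review bot: The added `module.authzperm = ...` line is indented with a tab while the surrounding lines use eight spaces, so it only lines up with `module.pool = pool` if a tab is read as eight columns; write it as `        module.authzperm = authzperm.AuthzPermission(env, req.authname)` with spaces. At that depth it appears to sit inside the `if need_svn:` block shown in the previous hunk, so a module created without `need_svn` has no `authzperm` attribute and a later `self.authzperm.assert_permission(...)` there would raise AttributeError instead of a permission error. A new `AuthzPermission` is also built for each module returned here, which by the visible `__init__` means the authz file is re-read and re-parsed each time. The enclosing function starts outside the hunk, so whether `env` is in scope at this point cannot be confirmed from here.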
Index: trac/db_default.py
===================================================================
--- trac/db_default.py	(revision 734)
+++ trac/db_default.py	(working copy)
@@ -414,6 +414,7 @@
   ('trac', 'repository_dir', '/var/svn/myrep'),
   ('trac', 'templates_dir', '/usr/lib/trac/templates'),
   ('trac', 'database', 'sqlite:db/trac.db'),
+  ('trac', 'authz_file', ''),
   ('logging', 'log_type', 'none'),
   ('logging', 'log_file', 'trac.log'),
   ('logging', 'log_level', 'DEBUG'),
Index: trac/perm.py
===================================================================
--- trac/perm.py	(revision 734)
+++ trac/perm.py	(working copy)
@@ -51,11 +51,15 @@
 MILESTONE_MODIFY = 'MILESTONE_MODIFY'
 MILESTONE_DELETE = 'MILESTONE_DELETE'
 
+AUTHZSVN_VIEW = 'AUTHZSVN_VIEW'
+AUTHZSVN_MODIFY = 'AUTHZSVN_MODIFY'
+
 TRAC_ADMIN = 'TRAC_ADMIN'
 TICKET_ADMIN = 'TICKET_ADMIN'
 REPORT_ADMIN = 'REPORT_ADMIN'
 WIKI_ADMIN = 'WIKI_ADMIN'
 ROADMAP_ADMIN = 'MILESTONE_ADMIN'
+AUTHZSVN_ADMIN = 'AUTHZSVN_ADMIN'
 
 meta_permission = {
     TRAC_ADMIN: [TICKET_ADMIN, REPORT_ADMIN, WIKI_ADMIN, ROADMAP_ADMIN,
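Review bot: `AUTHZSVN_VIEW`, `AUTHZSVN_MODIFY` and `AUTHZSVN_ADMIN` are defined here and wired into `meta_permission` in the next hunk, but nothing else in this diff checks them; the new `authzperm.AuthzPermission` decides access from the authz file alone. As written an administrator can grant or revoke these permissions with no effect on what a user can read, which is misleading for names that look security-relevant. Either drop the constants until a caller uses them or mark them with a comment such as `# reserved: not enforced yet, repository access is decided by authz_file`. `AUTHZSVN_ADMIN` also does not seem to be added to the `TRAC_ADMIN` list, whose remaining lines fall between the two hunks and are unchanged.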
@@ -66,7 +70,8 @@
                    REPORT_DELETE],
     WIKI_ADMIN: [WIKI_VIEW, WIKI_CREATE, WIKI_MODIFY, WIKI_DELETE],
     ROADMAP_ADMIN: [ROADMAP_VIEW, MILESTONE_VIEW, MILESTONE_CREATE,
-                    MILESTONE_MODIFY, MILESTONE_DELETE]
+                    MILESTONE_MODIFY, MILESTONE_DELETE],
+    AUTHZSVN_ADMIN: [AUTHZSVN_VIEW, AUTHZSVN_MODIFY]
 }
 
 
Index: trac/File.py
===================================================================
--- trac/File.py	(revision 734)
+++ trac/File.py	(working copy)
@@ -31,7 +31,9 @@
 import svn
 
 import perm
+import authzperm
 import util
+
 from Module import Module
 from Wiki import wiki_to_html
 
@@ -100,7 +102,7 @@
         self.filename = self.args.get('filename', None)
         if self.filename:
             self.filename = os.path.basename(self.filename)
-
+	    
         if not self.attachment_type or not self.attachment_id:
             raise util.TracError('Unknown request')
 
@@ -136,7 +138,7 @@
             self.mime_type = self.env.mimeview.get_mimetype(self.filename) \
                              or 'application/octet-stream'
             return
-
+	
         if self.args.has_key('description') and \
                self.args.has_key('author') and \
                self.args.has_key('attachment') and \
@@ -217,11 +219,13 @@
                                       self.env.href.browser(path))
 
     def display(self):
+	self.authzperm.assert_permission(self.path)
         FileCommon.display(self)
+	
 
     def render(self):
         FileCommon.render(self)
-        
+	
         rev = self.args.get('rev', None)
         self.path = self.args.get('path', '/')
         if not rev:
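Review bot: The check added to `display()` uses `self.path`, which this hunk shows being assigned in `render()` from `self.args.get('path', '/')`. If `render()` runs before `display()`, as that assignment implies, the repository is opened and read for the requested path before the request is refused. Calling `self.authzperm.assert_permission(self.path)` in `render()` directly after `self.path` is set would stop the work earlier. Only this one `display()` is guarded in the diff; other views of repository content (browser, log, changeset, any alternative display formats) are not touched here and would presumably still show paths the authz file denies. The two added lines are tab-indented inside a space-indented method, and `render()` continues past the end of the hunk.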
@@ -236,7 +240,7 @@
                 rev = svn.fs.youngest_rev(self.fs_ptr, self.pool)
 
         self.generate_path_links(rev, rev_specified)
-        
+	
         try:
             root = svn.fs.revision_root(self.fs_ptr, rev, self.pool)
         except svn.core.SubversionException:
Index: trac/authzperm.py
===================================================================
--- trac/authzperm.py	(revision 0)
+++ trac/authzperm.py	(revision 0)
@@ -0,0 +1,75 @@
+# -*- coding: iso8859-1 -*-
+#
+# Copyright (C) 2004 Edgewall Software
+# Copyright (C) 2004 Francois Harvey <fharvey@securiweb.net>
+#
+# Trac is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 2 of the
+# License, or (at your option) any later version.
+#
+# Trac is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
+# Author: Francois Harvey <fharvey@securiweb.net>
+
+from exceptions import StandardError
+import ConfigParser
+import string
+import os
+
+class AuthzPermissionError (StandardError):
+    """Insufficient permissions to view this file"""
+    def __str__ (self):
+        return 'authz read privileges required to view this file'
+    
+
+class AuthzPermission:
+    auth_name = ''
+    module_name = ''
+    conf_authz = None
+    authz_file = ''
+    
+    def __init__(self,env,authname):
+	if authname == 'anonymous':
+	    self.auth_name = '*'
+	else:
+	    self.auth_name = authname
+	self.module_name = env.get_config('project', 'name')
+	self.autz_file = env.get_config('trac','authz_file')	
+	if env.get_config('trac','authz_file'):
+	    self.conf_authz = ConfigParser.ConfigParser()
+	    self.conf_authz.read( self.autz_file )
+	    
+
+    def has_permission(self, path):
+	acc = 'r'
+	path_comb = ''
+	 
+	if (path != None) and (self.conf_authz != None) :
+	    if self.conf_authz.has_section(self.module_name + ':/') and self.conf_authz.has_option(self.module_name + ':/', self.auth_name):
+		acc = self.conf_authz.get(self.module_name + ':/',self.auth_name)
+	    for path_ele in path.split('/'):
+		if path_ele != '':
+		    path_comb = path_comb + '/' + path_ele
+		    section_name = self.module_name + ':' + path_comb
+		    if self.conf_authz.has_section(section_name) and self.conf_authz.has_option(section_name,self.auth_name):
+			acc =  self.conf_authz.get(section_name ,self.auth_name)			
+	return acc
+
+    def assert_permission (self, path):
+	if self.has_permission(path) == '':
+	    raise AuthzPermissionError()
+
+    
