| | 1 | = ReadonlyWikiPolicy |
| | 2 | |
| | 3 | Permissions policy added in Trac 1.1.2 which enables and enforces the read-only attribute on wiki pages. |
| | 4 | |
| | 5 | Earlier versions of Trac had a defect in which the read-only attribute would not be checked when adding attachments to wiki pages, allowing users with `WIKI_MODIFY` to add attachments to read-only wiki pages rather than enforcing the requirement of `WIKI_ADMIN`. In #11244, the `ReadonlyWikiPolicy` was added, which unequivocally requires `WIKI_ADMIN` for modifying, deleting or renaming for read-only pages (and adding an attachment requires permission to modify the page). Enforcing the read-only attribute through a permission policy additionally allows a custom permission policy to be written for enforcing the read-only attribute. |
| | 6 | |
| | 7 | For new Trac installations in 1.1.2 and later, `ReadonlyWikiPolicy` is enabled by default. When upgrading from earlier versions, `ReadonlyWikiPolicy` need to be added to `permission_policies`. If the default list of permission policies is in effect, then `ReadonlyWikiPolicy` only needs to be added to the front of the list. |
| | 8 | {{{#!ini |
| | 9 | [trac] |
| | 10 | permission_policies = ReadonlyWikiPolicy, |
| | 11 | DefaultPermissionPolicy, |
| | 12 | LegacyAttachmentPolicy |
| | 13 | }}} |
| | 14 | |
| | 15 | When other permission policies are active, care will need to be taken to ensure the proper ordering. See TracFineGrainedPermissions#ReadonlyWikiPolicy for more details. |
