= ReadonlyWikiPolicy

Permissions policy added in Trac 1.1.2 which enables and enforces the read-only attribute on wiki pages.

Earlier versions of Trac had a defect in which the read-only attribute would not be checked when adding attachments to wiki pages, allowing users with `WIKI_MODIFY` to add attachments to read-only wiki pages rather than enforcing the requirement of `WIKI_ADMIN`. In #11244, the `ReadonlyWikiPolicy` was added, which unequivocally requires `WIKI_ADMIN` for modifying, deleting or renaming for read-only pages (and adding an attachment requires permission to modify the page). Enforcing the read-only attribute through a permission policy additionally allows a custom permission policy to be written for enforcing the read-only attribute.

For new Trac installations in 1.1.2 and later, `ReadonlyWikiPolicy` is enabled by default. When upgrading from earlier versions, `ReadonlyWikiPolicy` need to be added to `permission_policies`. If the default list of permission policies is in effect, then `ReadonlyWikiPolicy` only needs to be added to the front of the list.
{{{#!ini
[trac]
permission_policies = ReadonlyWikiPolicy,
 DefaultPermissionPolicy,
 LegacyAttachmentPolicy
}}}

When other permission policies are active, care will need to be taken to ensure the proper ordering. See TracFineGrainedPermissions#ReadonlyWikiPolicy for more details.