Edgewall Software

Version 1 (modified by Christian Boos, 15 years ago)

development notes concerning svn authz support

Subversion Authorization

This was the first system of fine-grained permissions for Trac, restricted to the version control modules (see TracFineGrainedPermissions#mod_authz_svn-likepermissionpolicy). It is used together with the Subversion version control backend and is based on interpreting the Subversion authz access file in a way that should match Subversion's own behavior.

However, there are a number of known issues:

Ticket Summary Keywords Version Milestone
#5246 [PATCH] Use permission system to store groups for authz access control patch svnauthz authzsourcepolicy 0.10-stable next-major-releases
#6211 IPermissionPolicy unable to grant WIKI_VIEW access permissions authzpolicy devel next-stable-1.6.x
#6644 Authz_policy plugin doesn't work with [*] permissions authzpolicy 0.11b1 next-stable-1.6.x
#7650 authz_policy.py - Support Trac groups authzpolicy groups 0.12dev unscheduled
#9355 authzpolicy FineGrainedPermissions: configuration file order matters, but more/less specific patterns don't permissions authzpolicy authz configuration 0.11.6 unscheduled
#9526 Fine Grained Permission possible realms and paths format are not documented. permissions documentation authzpolicy 0.12 next-major-releases
#10203 [PATCH] AuthzPolicy to allow multiple user/group permissions permission policies policy AuthzPolicy authzpolicy patch undecided
#10666 Setting fine grained permissions using AuthzPolicy does not work authzpolicy verify next-major-releases
#10873 authzpolicy.conf can not include a common permission setup authzpolicy inherit undecided
#11078 Perform fine-grained permission checks on resource in get_navigation_items permissions authzpolicy next-major-releases
#11263 AuthzPolicy should allow restricting access to only the most recent version of a resource authzpolicy 1.0-stable next-major-releases
#12442 Support per-repository authz_file svn svn17 authzsourcepolicy next-major-releases
#12461 Move svn_authz or rename to authz_policy permissions authzpolicy
#12596 AuthzPolicy should recursively expand groups authzpolicy permissions next-major-releases
#12912 AuthzPolicy fine permissions for timeline and search authz, permissions 1.2.2 next-dev-1.7.x
#12922 AuthzSourcePolicy doesn't deny viewing changeset on restricted path authzsourcepolicy next-stable-1.6.x

Triage note: the above list is based on matches for the authz keyword and therefore contains a few false positives (tickets related to the AuthzPolicyPlugin). This should be fixed, and svn authz tickets should have the svnauthz keyword.

The plan is to simplify the version control modules so that they don't rely on a special system of authorization but rather use the general fine-grained permission system. The existing SubversionAuthorizer should then be turned into a permission policy plugin (see ticket:5640#comment:19).

Ideally this should be done for 0.12, otherwise we'll be stuck with this for yet another cycle.
