== Extension Point : ''IPermissionGroupProvider'' ==

||'''Interface'''||''IPermissionGroupProvider''||'''Since'''||0.9||
||'''Module'''||''trac.perm''||'''Source'''||[source:trunk/trac/perm.py perm.py]||

The ''IPermissionGroupProvider'' implementations define permission group membership information.

== Purpose ==

The TracPermissions system supports hierarchical [TracPermissions#PermissionGroups groups] to bundle and inherit permissions. The IPermissionGroupProvider interface can be used to get group membership information for users (e.g. from arbitrary external data sources).

(Note that currently the [TracPermissions#AddingaNewGroupandPermissions admin defined groups] are provided by the [source:trunk/trac/perm.py DefaultPermissionStore], not an IPermissionGroupProvider. See #5648)

== Usage ==

Implementing the interface follows the standard guidelines found in [wiki:TracDev/ComponentArchitecture] and of course [wiki:TracDev/PluginDevelopment].

The group providers are called by the permissions system to provide the group membership information for a certain user name. This information is automatically cached and reused for some time.

== Examples ==

The following example uses an [http://timgolden.me.uk/python/active_directory.html active_directory] module to provide group membership information from Windows' default Active Directory:
{{{
#!python
import active_directory
from trac.core import Component, implements
from trac.perm import IPermissionGroupProvider

class ActiveDirectoryPermissionGroupProvider(Component):
    """Permission group provider providing Active Directory group membership
    information."""

    implements(IPermissionGroupProvider)

    def get_permission_groups(self, username):
        # Look the user name up in Active Directory.
        aduser = active_directory.find_user(username)
        if aduser is None:
            # No matching account was found: report no group membership.
            return []
        return list(aduser.memberOf)
}}}
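
As a second illustration (an added example, not code from Trac or from any of the plugins listed below), this provider reads an Apache-style group file with `group: user1 user2` lines and grants nothing on any doubt: malformed lines, an unreadable file and the built-in names 'anonymous' and 'authenticated' all yield no groups. `GroupFilePermissionGroupProvider`, `parse_group_file`, `groups_for`, `GROUP_FILE` and the sample data are assumptions; the `ImportError` fallback only lets the parsing run without Trac installed.

```python
try:
    from trac.core import Component, implements
    from trac.perm import IPermissionGroupProvider
except ImportError:  # assumption: stand-ins so the parsing runs without Trac
    Component, IPermissionGroupProvider = object, None
    def implements(*interfaces):
        pass

# Built-in groups come from DefaultPermissionGroupProvider; the file may not claim them.
RESERVED = {'anonymous', 'authenticated'}

def parse_group_file(text):
    """Parse 'group: user1 user2' lines into {username: set of groups}."""
    membership = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith('#') or ':' not in line:
            continue  # blank, comment or malformed line grants nothing
        group, _, members = line.partition(':')
        group = group.strip()
        if not group or group in RESERVED:
            continue
        for user in members.split():
            membership.setdefault(user, set()).add(group)
    return membership

def groups_for(username, membership):
    """Exact, case-sensitive lookup; unknown or built-in names get no groups."""
    if not username or username in RESERVED:
        return []
    return sorted(membership.get(username, ()))

class GroupFilePermissionGroupProvider(Component):
    """Hypothetical provider; GROUP_FILE is a placeholder path."""
    implements(IPermissionGroupProvider)
    GROUP_FILE = '/path/to/htgroups'

    def get_permission_groups(self, username):
        try:
            with open(self.GROUP_FILE) as fh:
                membership = parse_group_file(fh.read())
        except (IOError, OSError):
            return []  # unreadable source: fail closed
        return groups_for(username, membership)

# Constructed sample input.
SAMPLE = "developers: alice bob\nauthenticated: mallory\nadmins: alice\nno colon here\n"
```

Because the permissions system caches the returned membership for some time, removing a user from the file takes effect only once the cached entry expires.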

== Available Implementations ==

In Trac:
|| [source:trunk/trac/perm.py DefaultPermissionGroupProvider] || Provides the basic builtin permission groups 'anonymous' and 'authenticated'. ||


In third-party plugins:

|| th:LdapPlugin || Provides groups from LDAP. ||
|| th:HtgroupsPlugin || Provides groups from a `.htgroup` file (usually used with Apache's `AuthGroupFile` or `AuthDigestGroupFile` directives). ||
|| th:AuthzGroupsPlugin || Provides groups from the SVN authz file. ||
|| th:TracSysgroupsPlugin || Provides groups from the unix / linux system groups. ||
|| th:UnixGroupsPlugin || Provides groups from the unix system groups. ||
|| th:TracUnixGroupsPlugin || Provides groups from the unix system groups. ||
|| th:wiki:SQLAuthStorePlugin || Provides groups from the SQL database. ||
|| [http://code.google.com/p/tracgoogleappsauthplugin/ TracGoogleAppsAuthPlugin] || Provides groups from a hosted Google Apps domain. ||
|| th:TracForgePlugin || Adds cross-project permissions with virtual groups. ||

== Additional Information and References ==

 * [http://www.edgewall.org/docs/trac-trunk/epydoc/trac.perm.IPermissionGroupProvider-class.html Epydoc API Reference]
 * See also [../trac.perm.IPermissionStore IPermissionStore], [../trac.perm.IPermissionPolicy IPermissionPolicy], [../trac.perm.IPermissionRequestor IPermissionRequestor]
 * Related tickets:
   * #5648 Move user defined groups to IPermissionGroupProvider implementation
   * #2194 Provide user credentials to IPermissionGroupProvider
   * [query:status!=closed&keywords~=group group in keywords]
 * Related mailing list topics:
   * Early [Trac-ML:3072 design discussion]
   * Some discussion about possible [trac-dev:2758 future enhancements]