Changes between Initial Version and Version 1 of TracDev/PluginDevelopment/ExtensionPoints/trac.perm.IPermissionGroupProvider

Timestamp:

Aug 7, 2011, 2:55:10 PM (13 years ago)

Author:

Peter Suter

Comment:

—

TracDev/PluginDevelopment/ExtensionPoints/trac.perm.IPermissionGroupProvider

@@ +1 @@
+== Extension Point : ''IPermissionGroupProvider'' ==
+
+||'''Interface'''||''IPermissionGroupProvider''||'''Since'''||0.9||
+||'''Module'''||''trac.perm''||'''Source'''||[source:trunk/trac/perm.py perm.py]||
+
+The ''IPermissionGroupProvider'' implementations define permission group membership information.
+
+== Purpose ==
+
+The TracPermissions system supports hierarchical [TracPermissions#PermissionGroups groups] to bundle and inherit permissions. The IPermissionGroupProvider interface can be used to get group membership information for users (e.g. from arbitrary external data sources).
+
+(Note that currently the [TracPermissions#AddingaNewGroupandPermissions admin defined groups] are provided by the [source:trunk/trac/perm.py DefaultPermissionStore], not an IPermissionGroupProvider. See #5648)
+
+== Usage ==
+
+Implementing the interface follows the standard guidelines found in [wiki:TracDev/ComponentArchitecture] and of course [wiki:TracDev/PluginDevelopment].
+
+The group providers are called by the permissions system to provide the group membership information for a certain user name. This information is automatically cached and reused for some time.
+
+== Examples ==
+
+The following example uses an [http://timgolden.me.uk/python/active_directory.html active_directory] module to provide group membership information from Windows' default Active Directory:
+{{{
+#!python
+import active_directory
+from trac.core import *
+from trac.perm import IPermissionGroupProvider
+
+class ActiveDirectoryPermissionGroupProvider(Component):
+    """Permission group provider providing Active Directory group membership 
+    information."""
+
+    implements(IPermissionGroupProvider)
+
+    def get_permission_groups(self, username):
+        aduser = active_directory.find_user(username)
+        return list(aduser.memberOf)
+}}}
+
+== Available Implementations ==
+
+In Trac:
+|| [source:trunk/trac/perm.py DefaultPermissionGroupProvider] || Provides the basic builtin permission groups 'anonymous' and 'authenticated'. ||
+
+
+In third-party plugins:
+
+|| th:LdapPlugin || Provides groups from LDAP. ||
+|| th:HtgroupsPlugin || Provides groups from a `.htgroup` file (usually used with Apache's `AuthGroupFile` or `AuthDigestGroupFile` directives). ||
+|| th:AuthzGroupsPlugin || Provides groups from the SVN authz file. ||
+|| th:TracSysgroupsPlugin || Provides groups from the unix / linux system groups. ||
+|| th:UnixGroupsPlugin || Provides groups from the unix system groups. ||
+|| th:TracUnixGroupsPlugin || Provide groups from the unix system groups. ||
+|| th:wiki:SQLAuthStorePlugin || Provide groups from the SQL database. ||
+|| [http://code.google.com/p/tracgoogleappsauthplugin/ TracGoogleAppsAuthPlugin] || Provide groups from a hosted Google Apps domain. ||
+|| th:TracForgePlugin || Adds cross-project permissions with virtual groups. ||
+
+== Additional Information and References ==
+
+ * [http://www.edgewall.org/docs/trac-trunk/epydoc/trac.perm.IPermissionGroupProvider-class.html Epydoc API Reference]
+ * See also [../trac.perm.IPermissionStore IPermissionStore], [../trac.perm.IPermissionPolicy IPermissionPolicy], [../trac.perm.IPermissionRequestor IPermissionRequestor] 
+ * Related tickets:
+  * #5648 Move user defined groups to IPermissionGroupProvider implementation
+  * #2194 Provide user credentials to IPermissionGroupProvider
+  * [query:status!=closed&keywords~=group group in keywords]
+ * Related mailing list topics:
+  * Early [Trac-ML:3072 design discussion]
+  * Some discussion about possible [trac-dev:2758 future enhancements]