| 23 | |
| 24 | * [http://thread.gmane.org/gmane.comp.version-control.subversion.trac.devel/393/focus=401 Mailing list post] with an example IPermissionPolicy implementation that blocks access to ticket 666. Here an updated version: |
| 25 | {{{ |
| 26 | #!python |
| 27 | from trac.core import * |
| 28 | from trac.perm import IPermissionPolicy |
| 29 | |
| 30 | class Deny666(Component): |
| 31 | implements(IPermissionPolicy) |
| 32 | |
| 33 | def check_permission(self, action, username, resource, perm): |
| 34 | if resource is not None and resource.realm == 'ticket' and \ |
| 35 | resource.id == 666: |
| 36 | self.log.info("This is the Devil's work") |
| 37 | return False |
| 38 | }}} |
| 39 | |
| 40 | * Another [http://thread.gmane.org/gmane.comp.version-control.subversion.trac.devel/393/focus=402 mailing list post] with an example IPermissionPolicy implementation based on [h:TagsPlugin]. (Adding a tag 'john:view' on a wiki page or ticket would allow the user 'john' to WIKI_VIEW or TICKET_VIEW that resource. Adding a tag 'john:-view' would disallow it.) Here an updated version: |
| 41 | {{{ |
| 42 | #!python |
| 43 | from trac.core import * |
| 44 | from trac.perm import IPermissionPolicy |
| 45 | |
| 46 | class TagPolicy(Component): |
| 47 | """ Security policy based on tags. """ |
| 48 | implements(IPermissionPolicy) |
| 49 | |
| 50 | def check_permission(self, action, username, resource, perm): |
| 51 | if resource is None: return None |
| 52 | |
| 53 | if action.startswith('WIKI_') or action.startswith('TICKET_'): |
| 54 | from tractags.api import TagSystem |
| 55 | |
| 56 | class FakeRequest(object): |
| 57 | def __init__(self, perm): |
| 58 | self.perm = perm |
| 59 | |
| 60 | req = FakeRequest(perm) |
| 61 | tags = TagSystem().get_tags(req, resource) |
| 62 | |
| 63 | permission = action.lower().split('_')[1] |
| 64 | ptag = ':'.join((username, permission)) |
| 65 | if ptag in tags: |
| 66 | return True |
| 67 | |
| 68 | nptag = ':-'.join((username, permission)) |
| 69 | if nptag in tags: |
| 70 | return False |
| 71 | }}} |