#10961 closed defect (fixed)
Version control folder permissions — at Version 12
| Reported by: | Owned by: | Jun Omae | |
|---|---|---|---|
| Priority: | normal | Milestone: | 1.0.2 |
| Component: | version control/browser | Version: | 0.12 |
| Severity: | normal | Keywords: | authzpolicy |
| Cc: | dev@… | Branch: | |
| Release Notes: |
Check permissions for |
||
| API Changes: | |||
| Internal Changes: | |||
Description (last modified by )
Hi,
I want to restrict several folders to several trac users. So I used FineGrainedPermissions.
If we say john not allowed to view the trunk/src/some/location
then I put below in the /var/www/trac/conf/authzpolicy.conf file.
[repository:test_repo@*/source:trunk/src/some/location/*@*] john = !BROWSER_VIEW, !FILE_VIEW
But it not getting effected. (I already give the permissions to group which the john also in for BROWSER_VIEW and FILE_VIEW in admin panel permissions) I need restrict the trunk/src/some/location folder only to john.
Change History (12)
comment:1 by , 11 years ago
comment:2 by , 11 years ago
| Keywords: | authzpolicy verify added |
|---|---|
| Milestone: | → next-stable-1.0.x |
Theoretically AuthzPolicy should be able to handle this as well…
comment:3 by , 11 years ago
| Description: | modified (diff) |
|---|
comment:4 by , 10 years ago
| Cc: | added |
|---|
I think it is needed to check BROWSER_VIEW permission with resource when processing request.
Patch (tested with r12742):
-
trac/versioncontrol/web_ui/browser.py
326 326 return True 327 327 328 328 def process_request(self, req): 329 req.perm.require('BROWSER_VIEW')330 331 329 presel = req.args.get('preselected') 332 330 if presel and (presel + '/').startswith(req.href.browser() + '/'): 333 331 req.redirect(presel) … … 389 387 version=rev_or_latest)) 390 388 display_rev = repos.display_rev 391 389 390 if node: 391 req.perm(node.resource).require('BROWSER_VIEW') 392 else: 393 req.perm.require('BROWSER_VIEW') 394 392 395 # Prepare template data 393 396 path_links = get_path_links(req.href, reponame, path, rev, 394 397 order, desc)
comment:5 by , 10 years ago
| Description: | modified (diff) |
|---|
comment:6 by , 10 years ago
| Keywords: | verify removed |
|---|---|
| Owner: | set to |
| Status: | new → assigned |
Defect confirmed.
It is not entirely clear to me what the allowed realms should be. On the one hand we have two aliases for source TracLinks: TracLinks. However, browser is not registered as a realm with the ResourceManager: tags/trac-1.0.1/trac/versioncontrol/api.py@:366#L364.
With the following change,
-
trac/versioncontrol/web_ui/browser.py
diff --git a/trac/versioncontrol/web_ui/browser.py b/trac/versioncontrol/web_ui/ index b07466e..030854f 100644
a b class BrowserModule(Component): 326 326 return True 327 327 328 328 def process_request(self, req): 329 req.perm.require('BROWSER_VIEW')330 331 329 presel = req.args.get('preselected') 332 330 if presel and (presel + '/').startswith(req.href.browser() + '/'): 333 331 req.redirect(presel) … … class BrowserModule(Component): 341 339 desc = 'desc' in req.args 342 340 xhr = req.get_header('X-Requested-With') == 'XMLHttpRequest' 343 341 342 req.perm('source', path).require('BROWSER_VIEW') 343 344 344 rm = RepositoryManager(self.env) 345 345 all_repositories = rm.get_all_repositories() 346 346 reponame, repos, path = rm.get_repository_by_path(path)
we get a PermissionError with a proper message:
If we change the realm of the permission check to the repository realm the message isn't quite as good:
If browser was returned by the ResourceManager, we could check all 3 realms:
-
trac/versioncontrol/web_ui/browser.py
diff --git a/trac/versioncontrol/web_ui/browser.py b/trac/versioncontrol/web_ui/ index b07466e..c49d7b5 100644
a b class BrowserModule(Component): 326 326 return True 327 327 328 328 def process_request(self, req): 329 req.perm.require('BROWSER_VIEW')330 331 329 presel = req.args.get('preselected') 332 330 if presel and (presel + '/').startswith(req.href.browser() + '/'): 333 331 req.redirect(presel) … … class BrowserModule(Component): 342 340 xhr = req.get_header('X-Requested-With') == 'XMLHttpRequest' 343 341 344 342 rm = RepositoryManager(self.env) 343 for realm in rm.get_resource_realms(): 344 req.perm(realm, path).require('BROWSER_VIEW') 345 345 346 all_repositories = rm.get_all_repositories() 346 347 reponame, repos, path = rm.get_repository_by_path(path)
However, I tend to think we should just use source as the realm for TracFineGrainedPermissions checks. Please let me know if you have other opinions on how the fix should be implemented.
comment:7 by , 10 years ago
We could use is_viewable() method of Repository and Node classes to check viewable rather than directly using req.perm and the realms.
See tags/trac-1.0.1/trac/versioncontrol/api.py#L960 and #L1078.
-
trac/versioncontrol/web_ui/browser.py
diff --git a/trac/versioncontrol/web_ui/browser.py b/trac/versioncontrol/web_ui/browser.py index b07466e..fb20174 100644
a b from genshi.builder import tag 24 24 from trac.config import ListOption, BoolOption, Option 25 25 from trac.core import * 26 26 from trac.mimeview.api import IHTMLPreviewAnnotator, Mimeview, is_binary 27 from trac.perm import IPermissionRequestor 27 from trac.perm import IPermissionRequestor, PermissionError 28 28 from trac.resource import Resource, ResourceNotFound 29 29 from trac.util import as_bool, embedded_numbers 30 30 from trac.util.datefmt import http_date, to_datetime, utc … … class BrowserModule(Component): 326 326 return True 327 327 328 328 def process_request(self, req): 329 req.perm.require('BROWSER_VIEW')330 331 329 presel = req.args.get('preselected') 332 330 if presel and (presel + '/').startswith(req.href.browser() + '/'): 333 331 req.redirect(presel) … … class BrowserModule(Component): 355 353 if not repos and reponame: 356 354 raise ResourceNotFound(_("Repository '%(repo)s' not found", 357 355 repo=reponame)) 356 if not repos.is_viewable(req.perm): 357 raise PermissionError('BROWSER_VIEW', repos.resource, self.env) 358 358 359 359 if reponame and reponame != repos.reponame: # Redirect alias 360 360 qs = req.query_string … … class BrowserModule(Component): 398 398 repo_data = self._render_repository_index( 399 399 context, all_repositories, order, desc) 400 400 if node: 401 if not node.is_viewable(req.perm): 402 raise PermissionError('BROWSER_VIEW' if node.isdir else 403 'FILE_VIEW', node.resource, self.env) 401 404 if node.isdir: 402 405 if format in ('zip',): # extension point here... 403 406 self._render_zip(req, context, repos, node, rev)
comment:8 by , 10 years ago
Using the is_viewable methods looks like the way to go. Please feel free to take control of the ticket and push the change.
comment:10 by , 10 years ago
Proposed changes in jomae.git@t10961_1.0.
BTW, I noticed that authz policy doesn't work for default repository with like this. That's a defect?
[repository:@*] foobar = !BROWSER_VIEW, !FILE_VIEW [repository:(default)@*] foobar = !BROWSER_VIEW, !FILE_VIEW
The following works for default repository but makes all repositories to be not viewable.
[repository:*@*] foobar = !BROWSER_VIEW, !FILE_VIEW
comment:11 by , 10 years ago
| Milestone: | next-stable-1.0.x → 1.0.2 |
|---|
comment:12 by , 10 years ago
| Release Notes: | modified (diff) |
|---|---|
| Resolution: | → fixed |
| Status: | assigned → closed |
You should use AuthzSourcePolicy for controlling access to repositories, not
AuthzPolicy.