Version control folder permissions

[chamith.malinda@…]

Hi,

I want to restrict several folders to several trac users. So I used FineGrainedPermissions.

If we say john not allowed to view the trunk/src/some/location then I put below in the /var/www/trac/conf/authzpolicy.conf file.

[repository:test_repo@*/source:trunk/src/some/location/*@*]
john = !BROWSER_VIEW, !FILE_VIEW

But it not getting effected. (I already give the permissions to group which the john also in for BROWSER_VIEW and FILE_VIEW in admin panel permissions) I need restrict the trunk/src/some/location folder only to john.

[Remy Blank]

You should use AuthzSourcePolicy for controlling access to repositories, not AuthzPolicy.

[Christian Boos]

Theoretically AuthzPolicy should be able to handle this as well…

[theYT <dev@…>]

I think it is needed to check BROWSER_VIEW permission with resource when processing request.

Patch (tested with r12742):

trac/versioncontrol/web_ui/browser.py

@@ -326 +326 @@
             return True
 
     def process_request(self, req):
-        req.perm.require('BROWSER_VIEW')
-
         presel = req.args.get('preselected')
         if presel and (presel + '/').startswith(req.href.browser() + '/'):
             req.redirect(presel)
@@ -389 +387 @@
                                                    version=rev_or_latest))
             display_rev = repos.display_rev
 
+        if node:
+            req.perm(node.resource).require('BROWSER_VIEW')
+        else:
+            req.perm.require('BROWSER_VIEW')
+
         # Prepare template data
         path_links = get_path_links(req.href, reponame, path, rev,
                                     order, desc)