Opened 11 years ago
Last modified 10 years ago
#10961 closed defect
Version control folder permissions — at Version 5
Reported by: | Owned by: | ||
---|---|---|---|
Priority: | normal | Milestone: | 1.0.2 |
Component: | version control/browser | Version: | 0.12 |
Severity: | normal | Keywords: | authzpolicy |
Cc: | dev@… | Branch: | |
Release Notes: | |||
API Changes: | |||
Internal Changes: |
Description (last modified by )
Hi,
I want to restrict several folders to several trac users. So I used FineGrainedPermissions.
If we say john not allowed to view the trunk/src/some/location
then I put below in the /var/www/trac/conf/authzpolicy.conf
file.
[repository:test_repo@*/source:trunk/src/some/location/*@*] john = !BROWSER_VIEW, !FILE_VIEW
But it not getting effected. (I already give the permissions to group which the john also in for BROWSER_VIEW
and FILE_VIEW
in admin panel permissions) I need restrict the trunk/src/some/location
folder only to john.
Change History (5)
comment:1 by , 11 years ago
comment:2 by , 11 years ago
Keywords: | authzpolicy verify added |
---|---|
Milestone: | → next-stable-1.0.x |
Theoretically AuthzPolicy should be able to handle this as well…
comment:3 by , 11 years ago
Description: | modified (diff) |
---|
comment:4 by , 10 years ago
Cc: | added |
---|
I think it is needed to check BROWSER_VIEW
permission with resource when processing request.
Patch (tested with r12742):
-
trac/versioncontrol/web_ui/browser.py
326 326 return True 327 327 328 328 def process_request(self, req): 329 req.perm.require('BROWSER_VIEW')330 331 329 presel = req.args.get('preselected') 332 330 if presel and (presel + '/').startswith(req.href.browser() + '/'): 333 331 req.redirect(presel) … … 389 387 version=rev_or_latest)) 390 388 display_rev = repos.display_rev 391 389 390 if node: 391 req.perm(node.resource).require('BROWSER_VIEW') 392 else: 393 req.perm.require('BROWSER_VIEW') 394 392 395 # Prepare template data 393 396 path_links = get_path_links(req.href, reponame, path, rev, 394 397 order, desc)
comment:5 by , 10 years ago
Description: | modified (diff) |
---|
You should use AuthzSourcePolicy for controlling access to repositories, not
AuthzPolicy
.