Perform fine-grained permission checks on resource in get_navigation_items

[Ryan J Ollos]

First mentioned in comment:1:ticket:11067, fine-grain permissions checks should be performed in get_navigation_items, taking into account the resource that may be specified in the [mainnav] section through the href option. See comment:4:ticket:11067 for additional suggestions.

[Christian Boos]

We also need to think about a place where to document (or even "register"?) those targets for fine grained permissions. We already have a few non-obvious ones like that ("about:config" IIRC).

[Ryan J Ollos <ryan.j.ollos@…>]

That sounds valuable, but I have no clever ideas on how to accomplish that so far. I suppose we could add documentation to get_navigation_items, parse it and display it with a macro.

The goal is to have a table, such as?:

Admin > General > Logging	admin:general/logging
Roadmap	roadmap
Milestone	milestone:<milestone name>

Somewhat similar, I've previously thought it would be useful to have a way to document permissions in the source code and list them with a TracPermissions macro. This would be particularly useful for allowing plugins to document their permissions and display them in a single location. So far, the only way I can see to accomplish this is to either add documentation to get_permission_actions and parse it, or add a method that returns a tuple of permissions and documentation (get_permission_docs).

[Ryan J Ollos]

It would also be useful to have a permission attribute for navigation items.

[Ryan J Ollos]

Replying to Ryan J Ollos:

It would also be useful to have a permission attribute for navigation items.

This was added in #11317.

[Ryan J Ollos]

#12813 might be needed for this ticket. We may need to get the resource from the path to do fine-grained permission checks on the resource.