Edgewall Software
Modify

Opened 6 years ago

Last modified 2 years ago

#11078 new enhancement

Perform fine-grained permission checks on resource in get_navigation_items

Reported by: Ryan J Ollos Owned by:
Priority: normal Milestone: next-major-releases
Component: wiki system Version:
Severity: normal Keywords: permissions authzpolicy
Cc: Branch:
Release Notes:
API Changes:

Description

First mentioned in comment:1:ticket:11067, fine-grain permissions checks should be performed in get_navigation_items, taking into account the resource that may be specified in the [mainnav] section through the href option. See comment:4:ticket:11067 for additional suggestions.

Attachments (0)

Change History (6)

comment:1 by Christian Boos, 6 years ago

Milestone: next-major-releases

We also need to think about a place where to document (or even "register"?) those targets for fine grained permissions. We already have a few non-obvious ones like that ("about:config" IIRC).

comment:2 by Ryan J Ollos <ryan.j.ollos@…>, 6 years ago

That sounds valuable, but I have no clever ideas on how to accomplish that so far. I suppose we could add documentation to get_navigation_items, parse it and display it with a macro.

The goal is to have a table, such as?:

Admin > General > Logging admin:general/logging
Roadmap roadmap
Milestone milestone:<milestone name>

Somewhat similar, I've previously thought it would be useful to have a way to document permissions in the source code and list them with a TracPermissions macro. This would be particularly useful for allowing plugins to document their permissions and display them in a single location. So far, the only way I can see to accomplish this is to either add documentation to get_permission_actions and parse it, or add a method that returns a tuple of permissions and documentation (get_permission_docs).

comment:3 by Ryan J Ollos, 5 years ago

Reporter: changed from Ryan J Ollos <ryan.j.ollos@…> to Ryan J Ollos

comment:4 by Ryan J Ollos, 2 years ago

It would also be useful to have a permission attribute for navigation items.

in reply to:  4 comment:5 by Ryan J Ollos, 2 years ago

Replying to Ryan J Ollos:

It would also be useful to have a permission attribute for navigation items.

This was added in #11317.

comment:6 by Ryan J Ollos, 2 years ago

#12813 might be needed for this ticket. We may need to get the resource from the path to do fine-grained permission checks on the resource.

Modify Ticket

Change Properties
Set your email in Preferences
Action
as new The ticket will remain with no owner.
The ticket will be disowned. Next status will be 'new'.
as The resolution will be set. Next status will be 'closed'.
The owner will be changed from (none) to anonymous. Next status will be 'assigned'.

Add Comment


E-mail address and name can be saved in the Preferences .
 
Note: See TracTickets for help on using tickets.